Liferay

Portal

107 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.9

CVE-2025-43803

  • EPSS 0.17%
  • Veröffentlicht 19.09.2025 18:50:09
  • Zuletzt bearbeitet 22.09.2025 21:23:01

Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through u...

5.1

CVE-2025-43804

  • EPSS 0.2%
  • Veröffentlicht 16.09.2025 22:23:13
  • Zuletzt bearbeitet 17.09.2025 14:18:55

Cross-site scripting (XSS) vulnerability in Search widget in Liferay Portal 7.4.3.93 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portal_...

6.9

CVE-2025-43805

  • EPSS 0.19%
  • Veröffentlicht 16.09.2025 21:33:50
  • Zuletzt bearbeitet 17.09.2025 14:18:55

Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, and 7.3 GA through update 35 does not perform an authorization check when users attempt to view a display page template, which a...

6.9

CVE-2025-43801

  • EPSS 0.23%
  • Veröffentlicht 16.09.2025 16:09:05
  • Zuletzt bearbeitet 17.09.2025 14:18:55

Unchecked input for loop condition vulnerability in XML-RPC in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and old...

4.8

CVE-2025-43802

  • EPSS 0.17%
  • Veröffentlicht 15.09.2025 21:58:18
  • Zuletzt bearbeitet 16.09.2025 12:49:16

Stored cross-site scripting (XSS) vulnerability in a custom object’s /o/c/<object-name> API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through...

5.3

CVE-2025-43797

  • EPSS 0.16%
  • Veröffentlicht 15.09.2025 21:28:30
  • Zuletzt bearbeitet 16.09.2025 12:49:16

In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which...

6.9

CVE-2025-43799

  • EPSS 0.19%
  • Veröffentlicht 15.09.2025 20:19:28
  • Zuletzt bearbeitet 16.09.2025 12:49:16

Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before...

4.8

CVE-2025-43800

  • EPSS 0.17%
  • Veröffentlicht 15.09.2025 19:15:35
  • Zuletzt bearbeitet 16.09.2025 12:49:16

Cross-site scripting (XSS) vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a...

4.8

CVE-2025-43791

  • EPSS 0.17%
  • Veröffentlicht 15.09.2025 18:15:37
  • Zuletzt bearbeitet 16.09.2025 12:49:16

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary we...

2.3

CVE-2025-43792

  • EPSS 0.15%
  • Veröffentlicht 15.09.2025 16:19:13
  • Zuletzt bearbeitet 16.09.2025 12:49:16

Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly obt...