Liferay

Portal

145 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.9

CVE-2025-62250

  • EPSS 0.05%
  • Veröffentlicht 21.10.2025 15:40:52
  • Zuletzt bearbeitet 21.10.2025 19:31:25

Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remot...

4.8

CVE-2025-62251

  • EPSS 0.05%
  • Veröffentlicht 13.10.2025 21:23:34
  • Zuletzt bearbeitet 14.10.2025 19:36:29

Liferay Portal 7.3.0 through 7.4.3.119, and Liferay DXP 2023.Q3.1 through 2023.Q3.8, 2023.Q4.0 through 2023.Q4.5, 7.4 GA through update 92 and 7.3 GA though update 36 shows content to users who do not have permission to view it via the Menu Display W...

5.3

CVE-2025-62252

  • EPSS 0.16%
  • Veröffentlicht 13.10.2025 20:42:23
  • Zuletzt bearbeitet 14.10.2025 19:36:29

Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupporte...

4.8

CVE-2025-62246

  • EPSS 0.19%
  • Veröffentlicht 13.10.2025 20:21:28
  • Zuletzt bearbeitet 14.10.2025 19:36:29

Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupp...

4.3

CVE-2025-62242

  • EPSS 0.04%
  • Veröffentlicht 13.10.2025 19:10:30
  • Zuletzt bearbeitet 07.11.2025 19:11:06

Insecure Direct Object Reference (IDOR) vulnerability with account addresses in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticat...

5.3

CVE-2025-62243

  • EPSS 0.12%
  • Veröffentlicht 13.10.2025 17:14:58
  • Zuletzt bearbeitet 14.10.2025 19:36:29

Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attack...

4.8

CVE-2025-62244

  • EPSS 0.16%
  • Veröffentlicht 13.10.2025 16:53:35
  • Zuletzt bearbeitet 14.10.2025 19:36:29

Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through update 36 allo...

5.1

CVE-2025-62245

  • EPSS 0.02%
  • Veröffentlicht 10.10.2025 19:12:11
  • Zuletzt bearbeitet 14.10.2025 19:36:59

Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication com...

4.8

CVE-2025-62237

  • EPSS 0.19%
  • Veröffentlicht 10.10.2025 12:51:14
  • Zuletzt bearbeitet 14.10.2025 19:36:59

Stored cross-site scripting (XSS) vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 8 through update 92 allows remote atta...

4.8

CVE-2025-62238

  • EPSS 0.19%
  • Veröffentlicht 10.10.2025 12:33:36
  • Zuletzt bearbeitet 14.10.2025 19:36:59

Stored cross-site scripting (XSS) vulnerability on the Membership page in Account Settings in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 21 through update 92 all...