Liferay

Portal

145 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-43819

  • EPSS 0.06%
  • Veröffentlicht 24.09.2025 02:15:31
  • Zuletzt bearbeitet 24.09.2025 18:11:24

A Insufficient Session Expiration vulnerability in the Liferay Portal 7.4.3.121 through 7.3.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, and 2024.Q1.1 through 2024.Q1.12 is allow an r...

6.9

CVE-2025-43779

  • EPSS 0.23%
  • Veröffentlicht 24.09.2025 01:15:30
  • Zuletzt bearbeitet 24.09.2025 18:11:24

A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via _com_li...

5.3

CVE-2025-43810

  • EPSS 0.19%
  • Veröffentlicht 22.09.2025 23:15:37
  • Zuletzt bearbeitet 24.09.2025 18:11:34

Insecure Direct Object Reference (IDOR) vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authentic...

6.9

CVE-2025-43814

  • EPSS 0.2%
  • Veröffentlicht 22.09.2025 23:15:37
  • Zuletzt bearbeitet 24.09.2025 18:11:34

In Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions the audit events records a user’s password ...

5.3

CVE-2025-43806

  • EPSS 0.2%
  • Veröffentlicht 22.09.2025 22:15:43
  • Zuletzt bearbeitet 24.09.2025 18:11:34

Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with import and export tasks, which allows remote authe...

4.8

CVE-2025-43807

  • EPSS 0.23%
  • Veröffentlicht 22.09.2025 16:17:24
  • Zuletzt bearbeitet 22.09.2025 21:22:33

Stored cross-site scripting (XSS) vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to ...

6.9

CVE-2025-43808

  • EPSS 0.07%
  • Veröffentlicht 19.09.2025 20:37:22
  • Zuletzt bearbeitet 22.09.2025 21:23:01

The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and 7.3 service pack 3 through update 35 saves virtual products uploaded to Documen...

5.1

CVE-2025-43809

  • EPSS 0.02%
  • Veröffentlicht 19.09.2025 19:15:50
  • Zuletzt bearbeitet 22.09.2025 21:23:01

Cross-Site Request Forgery (CSRF) vulnerability in the server (license) registration page in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.9, 7.4 GA thro...

6.9

CVE-2025-43803

  • EPSS 0.2%
  • Veröffentlicht 19.09.2025 18:50:09
  • Zuletzt bearbeitet 22.09.2025 21:23:01

Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through u...

6.1

CVE-2025-43804

  • EPSS 0.05%
  • Veröffentlicht 16.09.2025 22:23:13
  • Zuletzt bearbeitet 07.11.2025 19:15:48

Cross-site scripting (XSS) vulnerability in Search widget in Liferay Portal 7.4.3.93 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portal_...