Liferay

Portal

145 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.9

CVE-2025-43805

  • EPSS 0.21%
  • Veröffentlicht 16.09.2025 21:33:50
  • Zuletzt bearbeitet 17.09.2025 14:18:55

Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, and 7.3 GA through update 35 does not perform an authorization check when users attempt to view a display page template, which a...

6.9

CVE-2025-43801

  • EPSS 0.29%
  • Veröffentlicht 16.09.2025 16:09:05
  • Zuletzt bearbeitet 17.09.2025 14:18:55

Unchecked input for loop condition vulnerability in XML-RPC in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and old...

6.1

CVE-2025-43802

  • EPSS 0.23%
  • Veröffentlicht 15.09.2025 21:58:18
  • Zuletzt bearbeitet 12.12.2025 15:26:41

Stored cross-site scripting (XSS) vulnerability in a custom object’s /o/c/<object-name> API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through...

5.3

CVE-2025-43797

  • EPSS 0.22%
  • Veröffentlicht 15.09.2025 21:28:30
  • Zuletzt bearbeitet 16.09.2025 12:49:16

In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which...

6.9

CVE-2025-43799

  • EPSS 0.21%
  • Veröffentlicht 15.09.2025 20:19:28
  • Zuletzt bearbeitet 16.09.2025 12:49:16

Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before...

4.8

CVE-2025-43800

  • EPSS 0.23%
  • Veröffentlicht 15.09.2025 19:15:35
  • Zuletzt bearbeitet 16.09.2025 12:49:16

Cross-site scripting (XSS) vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a...

4.8

CVE-2025-43791

  • EPSS 0.23%
  • Veröffentlicht 15.09.2025 18:15:37
  • Zuletzt bearbeitet 16.09.2025 12:49:16

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary we...

2.3

CVE-2025-43792

  • EPSS 0.2%
  • Veröffentlicht 15.09.2025 16:19:13
  • Zuletzt bearbeitet 16.09.2025 12:49:16

Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly obt...

6.9

CVE-2025-43793

  • EPSS 0.27%
  • Veröffentlicht 15.09.2025 15:34:11
  • Zuletzt bearbeitet 16.09.2025 12:49:26

Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain ...

4.6

CVE-2025-43794

  • EPSS 0.21%
  • Veröffentlicht 15.09.2025 11:17:22
  • Zuletzt bearbeitet 15.09.2025 15:21:42

Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupport...