Liferay

Dxp

154 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2025-43802

  • EPSS 0.17%
  • Veröffentlicht 15.09.2025 21:58:18
  • Zuletzt bearbeitet 16.09.2025 12:49:16

Stored cross-site scripting (XSS) vulnerability in a custom object’s /o/c/<object-name> API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through...

5.3

CVE-2025-43797

  • EPSS 0.16%
  • Veröffentlicht 15.09.2025 21:28:30
  • Zuletzt bearbeitet 16.09.2025 12:49:16

In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is “Open” which...

2.1

CVE-2025-43798

  • EPSS 0.05%
  • Veröffentlicht 15.09.2025 20:53:02
  • Zuletzt bearbeitet 16.09.2025 12:49:16

Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a user’...

6.9

CVE-2025-43799

  • EPSS 0.19%
  • Veröffentlicht 15.09.2025 20:19:28
  • Zuletzt bearbeitet 16.09.2025 12:49:16

Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before...

4.8

CVE-2025-43800

  • EPSS 0.17%
  • Veröffentlicht 15.09.2025 19:15:35
  • Zuletzt bearbeitet 16.09.2025 12:49:16

Cross-site scripting (XSS) vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a...

4.8

CVE-2025-43791

  • EPSS 0.17%
  • Veröffentlicht 15.09.2025 18:15:37
  • Zuletzt bearbeitet 16.09.2025 12:49:16

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary we...

2.3

CVE-2025-43792

  • EPSS 0.15%
  • Veröffentlicht 15.09.2025 16:19:13
  • Zuletzt bearbeitet 16.09.2025 12:49:16

Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly obt...

6.9

CVE-2025-43793

  • EPSS 0.22%
  • Veröffentlicht 15.09.2025 15:34:11
  • Zuletzt bearbeitet 16.09.2025 12:49:26

Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain ...

4.6

CVE-2025-43794

  • EPSS 0.18%
  • Veröffentlicht 15.09.2025 11:17:22
  • Zuletzt bearbeitet 15.09.2025 15:21:42

Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupport...

5.1

CVE-2025-43795

  • EPSS 0.17%
  • Veröffentlicht 12.09.2025 19:55:31
  • Zuletzt bearbeitet 15.09.2025 15:21:42

Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to ...