Liferay

Dxp

152 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2025-43788

  • EPSS 0.15%
  • Published 12.09.2025 02:22:29
  • Last modified 15.09.2025 15:22:38

The organization selector in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q1.1 through 2024.Q1.12 and 7.4 update 81 through update 85 does not check user permission, which allows remote authenticated users to obtain a list of all orga...

1

CVE-2025-43789

  • EPSS 0.03%
  • Published 12.09.2025 02:00:54
  • Last modified 15.09.2025 15:22:38

JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published to OSGi are registered and invoked directly as classes which allows Service Access Policies get executed.

7.4

CVE-2025-43790

  • EPSS 0.15%
  • Published 11.09.2025 17:54:13
  • Last modified 15.09.2025 15:22:38

Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote authenticated users to from one virt...

5.3

CVE-2025-43782

  • EPSS 0.15%
  • Published 11.09.2025 17:26:30
  • Last modified 15.09.2025 15:22:38

Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote authenticated users to access a wor...

5.1

CVE-2025-43783

  • EPSS 0.2%
  • Published 10.09.2025 20:15:33
  • Last modified 11.09.2025 17:14:10

Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.73 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 update 73 through update 92 allows remote at...

6.2

CVE-2025-43784

  • EPSS 0.04%
  • Published 10.09.2025 19:11:20
  • Last modified 11.09.2025 17:14:10

Improper Access Control vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.8, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows guest users to obtain object entries information via the A...

4.6

CVE-2025-43785

  • EPSS 0.18%
  • Published 10.09.2025 16:19:07
  • Last modified 11.09.2025 17:14:10

Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitra...

6.9

CVE-2025-43786

  • EPSS 0.06%
  • Published 09.09.2025 19:08:52
  • Last modified 11.09.2025 17:14:25

Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA through update 92 allow attackers to determi...

5.3

CVE-2025-43781

  • EPSS 0.2%
  • Published 09.09.2025 18:48:35
  • Last modified 11.09.2025 17:14:25

Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.110 through 7.4.3.128, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.12 allows remote attackers to inject arbitrary w...

4.6

CVE-2025-43775

  • EPSS 0.18%
  • Published 09.09.2025 18:12:50
  • Last modified 11.09.2025 17:14:25

Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.5, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote attackers t...