CVE-2025-43800
- EPSS 0.17%
- Published 15.09.2025 19:15:35
- Last modified 16.09.2025 12:49:16
Cross-site scripting (XSS) vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a...
CVE-2025-43791
- EPSS 0.17%
- Published 15.09.2025 18:15:37
- Last modified 16.09.2025 12:49:16
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary we...
CVE-2025-43792
- EPSS 0.15%
- Published 15.09.2025 16:19:13
- Last modified 16.09.2025 12:49:16
Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly obt...
CVE-2025-43793
- EPSS 0.22%
- Published 15.09.2025 15:34:11
- Last modified 16.09.2025 12:49:26
Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions may incorrectly identify the subdomain ...
CVE-2025-43794
- EPSS 0.18%
- Published 15.09.2025 11:17:22
- Last modified 15.09.2025 15:21:42
Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupport...
CVE-2025-43795
- EPSS 0.17%
- Published 12.09.2025 19:55:31
- Last modified 15.09.2025 15:21:42
Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to ...
CVE-2025-43796
- EPSS 0.16%
- Published 12.09.2025 19:12:51
- Last modified 15.09.2025 15:21:42
Liferay Portal 7.4.0 through 7.4.3.101, and Liferay DXP 2023.Q3.0 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 does not limit the number of objects returned from GraphQL queries, which allows remote attackers to perform d...
CVE-2025-43787
- EPSS 0.18%
- Published 12.09.2025 16:09:33
- Last modified 15.09.2025 15:21:42
A stored cross-site scripting vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 th...
CVE-2025-43788
- EPSS 0.15%
- Published 12.09.2025 02:22:29
- Last modified 15.09.2025 15:22:38
The organization selector in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q1.1 through 2024.Q1.12 and 7.4 update 81 through update 85 does not check user permission, which allows remote authenticated users to obtain a list of all orga...
- EPSS 0.03%
- Published 12.09.2025 02:00:54
- Last modified 15.09.2025 15:22:38
JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published to OSGi are registered and invoked directly as classes which allows Service Access Policies get executed.