Liferay

Dxp

187 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.2

CVE-2025-43784

  • EPSS 0.06%
  • Veröffentlicht 10.09.2025 19:11:20
  • Zuletzt bearbeitet 11.09.2025 17:14:10

Improper Access Control vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.8, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows guest users to obtain object entries information via the A...

4.6

CVE-2025-43785

  • EPSS 0.21%
  • Veröffentlicht 10.09.2025 16:19:07
  • Zuletzt bearbeitet 11.09.2025 17:14:10

Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitra...

6.9

CVE-2025-43786

  • EPSS 0.07%
  • Veröffentlicht 09.09.2025 19:08:52
  • Zuletzt bearbeitet 11.09.2025 17:14:25

Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA through update 92 allow attackers to determi...

5.3

CVE-2025-43781

  • EPSS 0.23%
  • Veröffentlicht 09.09.2025 18:48:35
  • Zuletzt bearbeitet 11.09.2025 17:14:25

Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.110 through 7.4.3.128, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.12 allows remote attackers to inject arbitrary w...

4.6

CVE-2025-43775

  • EPSS 0.21%
  • Veröffentlicht 09.09.2025 18:12:50
  • Zuletzt bearbeitet 11.09.2025 17:14:25

Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.5, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote attackers t...

4.6

CVE-2025-43776

  • EPSS 0.2%
  • Veröffentlicht 09.09.2025 14:18:53
  • Zuletzt bearbeitet 09.09.2025 16:28:43

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q...

5.3

CVE-2025-43777

  • EPSS 0.04%
  • Veröffentlicht 09.09.2025 03:15:32
  • Zuletzt bearbeitet 12.12.2025 20:29:25

Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.19 exposes "Inte...

6.1

CVE-2025-43778

  • EPSS 0.05%
  • Veröffentlicht 09.09.2025 01:21:44
  • Zuletzt bearbeitet 12.12.2025 20:28:13

A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.11, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024....

2.1

CVE-2025-43774

  • EPSS 0.18%
  • Veröffentlicht 09.09.2025 00:26:08
  • Zuletzt bearbeitet 18.09.2025 17:15:38

Rejected reason: This CVE ID is rejected. The reported vulnerability was found to be present only in a feature that was under development and protected by a beta feature flag. As a result, the issue was not exploitable in the official or public relea...

6.5

CVE-2025-43763

  • EPSS 0.04%
  • Veröffentlicht 08.09.2025 23:24:19
  • Zuletzt bearbeitet 12.12.2025 20:27:55

A server-side request forgery (SSRF) vulnerability exist in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.20 that aff...