Product: Liferay Digital Experience Platform
267 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-62275
all versions
Blogs in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 202
5.3
MEDIUM
CVE-2025-62276
all versions
The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and
5.5
MEDIUM
CVE-2025-62267
all versions
Multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 t
6.1
MEDIUM
CVE-2025-62264
all versions
Reflected cross-site scripting (XSS) vulnerability in Language Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay
6.1
MEDIUM
CVE-2025-62265
<= 7.4
Cross-site scripting (XSS) vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported vers
5.4
MEDIUM
CVE-2025-62266
all versions
By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2
6.1
MEDIUM
CVE-2025-62257
<= 7.4
Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024
5.3
MEDIUM
CVE-2025-62259
<= 7.0
Liferay Portal 7.4.0 through 7.4.3.109, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA throug
5.4
MEDIUM
CVE-2025-62258
all versions
CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA
6.5
MEDIUM
CVE-2025-62261
all versions
Liferay Portal 7.4.0 through 7.4.3.99, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through
6.5
MEDIUM
CVE-2025-62260
all versions
Liferay Portal 7.4.0 through 7.4.3.99, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through updat
7.5
HIGH
CVE-2025-62262
all versions
Information exposure through log file vulnerability in LDAP import feature in Liferay Portal 7.4.0 through 7.4.3.97, and older uns
4.4
MEDIUM
CVE-2025-62263
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2
5.4
MEDIUM
CVE-2025-62253
< 7.3
Open redirect vulnerability in page administration in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and L
6.1
MEDIUM
CVE-2025-62254
all versions
The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023
7.5
HIGH
CVE-2025-62255
< 7.3
Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page in Liferay Portal 7.4.0 through 7.4.3.101, a
6.1
MEDIUM
CVE-2025-62256
all versions
Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through u
5.3
MEDIUM
CVE-2025-62247
>= 2024.q1.1 and < 2024.q1.20
Missing Authorization in Collection Provider component in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 th
6.5
MEDIUM
CVE-2025-62248
>= 2024.q1.1 and < 2024.q1.20
A reflected cross-site scripting (XSS) vulnerability, resulting from a regression, has been identified in Liferay Portal 7.4.0 th
4.8
MEDIUM
CVE-2025-62249
>= 2023.q4.0 and <= 2023.q4.10
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0 thro
6.1
MEDIUM
CVE-2025-62250
< 7.3
Improper Authentication in Liferay Portal 7.4.0 through 7.4.3.132, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023
6.5
MEDIUM
CVE-2025-62251
<= 7.4
Liferay Portal 7.3.0 through 7.4.3.119, and Liferay DXP 2023.Q3.1 through 2023.Q3.8, 2023.Q4.0 through 2023.Q4.5, 7.4 GA through u
6.5
MEDIUM
CVE-2025-62252
<= 7.4
Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, a
4.3
MEDIUM
CVE-2025-62246
<= 7.4
Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versio
5.4
MEDIUM
CVE-2025-62242
all versions
Insecure Direct Object Reference (IDOR) vulnerability with account addresses in Liferay Portal 7.4.3.4 through 7.4.3.111, and Life
4.3
MEDIUM
CVE-2025-62241
all versions
Insecure Direct Object Reference (IDOR) vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows re
4.3
MEDIUM
CVE-2025-62243
>= 2023.q3.1 and < 2023.q3.9
Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2
5.4
MEDIUM
CVE-2025-62244
>= 2023.q3.1 and < 2023.q3.9
Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2
4.3
MEDIUM
CVE-2025-62245
>= 2023.Q3.1 and <= 2023.Q3.10
Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.
4.3
MEDIUM
CVE-2025-62239
>= 2023.q3.1 and < 2023.q3.9
Cross-site scripting (XSS) vulnerability in workflow process builder in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP
5.4
MEDIUM
CVE-2025-62238
>= 2023.q3.1 and < 2023.q3.9
Stored cross-site scripting (XSS) vulnerability on the Membership page in Account Settings in Liferay Portal 7.4.3.21 through 7.4.
5.4
MEDIUM
CVE-2025-62237
>= 2023.q3.1 and < 2023.q3.9
Stored cross-site scripting (XSS) vulnerability in Commerce’s view order page in Liferay Portal 7.4.3.8 through 7.4.3.111, and L
5.4
MEDIUM
CVE-2025-62240
>= 2023.Q3.1 and < 2023.Q3.8
Multiple cross-site scripting (XSS) vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay
5.4
MEDIUM
CVE-2025-43771
>= 2023.Q3.1 and < 2023.Q3.4
Multiple cross-site scripting (XSS) vulnerabilities in the Notifications widget in Liferay Portal 7.4.3.102 through 7.4.3.111, and
5.4
MEDIUM
CVE-2025-43830
>= 2023.q3.1 and < 2023.q3.9
Stored cross-site scripting (XSS) vulnerability in Forms in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 thro
6.1
MEDIUM
CVE-2025-43829
>= 2023.q3.1 and < 2023.q3.9
Stored cross-site scripting (XSS) vulnerability in diagram type products in Commerce in Liferay Portal 7.4.3.18 through 7.4.3.111,
5.4
MEDIUM
CVE-2025-43821
>= 2023.q3.1 and < 2023.q3.9
Cross-site scripting (XSS) vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111
5.4
MEDIUM
CVE-2025-43822
>= 2023.q3.1 and < 2023.q3.9
Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0
5.4
MEDIUM
CVE-2025-43823
>= 2023.q3.1 and < 2023.q3.9
Cross-site scripting (XSS) vulnerability in the Commerce Search Result widget in Liferay Portal 7.4.0 through 7.4.3.111, and Lifer
5.4
MEDIUM
CVE-2025-43824
<= 7.4
The Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 20
5.4
MEDIUM
CVE-2025-43825
>= 2023.Q3.1 and <= 2023.Q3.10
A vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.
6.5
MEDIUM
CVE-2025-43826
<= 7.4
Stored cross-site scripting (XSS) vulnerabilities in Web Content translation in Liferay Portal 7.4.0 through 7.4.3.112, and older
5.4
MEDIUM
CVE-2025-43827
<= 7.3
Insecure Direct Object Reference (IDOR) vulnerability with audit events in Liferay Portal 7.4.0 through 7.4.3.117, and older unsup
4.3
MEDIUM
CVE-2025-43817
>= 2023.q3.1 and < 2023.q3.9
Multiple reflected cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.74 through 7.4.3.111, and Liferay DXP 2023.Q
6.1
MEDIUM
CVE-2025-43813
< 7.3
Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and old
8.2
HIGH
CVE-2025-43812
>= 2023.q3.1 and < 2023.q3.9
Cross-site scripting (XSS) vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023
5.4
MEDIUM
CVE-2025-43820
>= 2023.Q3.1 and < 2023.Q3.7
Multiple cross-site scripting (XSS) vulnerabilities in the Calendar widget when inviting users to an event in Liferay Portal 7.4.3.
5.4
MEDIUM
CVE-2025-43818
>= 2023.Q3.1 and < 2023.Q3.7
Cross-site scripting (XSS) vulnerability in the Calendar widget in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023
6.1
MEDIUM
CVE-2025-43815
>= 2023.q4.0 and < 2023.q4.3
Reflected cross-site scripting (XSS) vulnerability on the page configuration page in Liferay Portal 7.4.3.102 through 7.4.3.110, a
6.1
MEDIUM
CVE-2025-43811
>= 2023.Q3.1 and < 2023.Q3.8
Multiple stored cross-site scripting (XSS) vulnerabilities in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.11
5.4
MEDIUM
CVE-2025-43816
< 7.4
A memory leak in the headless API for StructuredContents in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions
7.5
HIGH
CVE-2025-43819
>= 2024.Q1.1 and < 2024.Q1.13
An Insufficient Session Expiration vulnerability in the Liferay Portal 7.4.3.121 through 7.3.3.131, and Liferay DXP 2024.Q4.0 throu
6.5
MEDIUM
CVE-2025-43779
>= 2024.Q1.1 and < 2024.Q1.19
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2024.Q1.1 thro
6.1
MEDIUM
CVE-2025-43814
>= 2023.Q3.1 and <= 2023.Q3.10
In Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1
6.5
MEDIUM
CVE-2025-43810
>= 2023.Q3.1 and <= 2023.Q3.10
Insecure Direct Object Reference (IDOR) vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Lif
4.3
MEDIUM
CVE-2025-43806
>= 2023.Q3.1 and <= 2023.Q3.10
Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10,
4.3
MEDIUM
CVE-2025-43807
>= 2023.Q3.1 and <= 2023.Q3.10
Stored cross-site scripting (XSS) vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay
5.4
MEDIUM
CVE-2025-43808
>= 2023.Q3.1 and <= 2023.Q3.10
The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2
5.3
MEDIUM
CVE-2025-43809
<= 7.4
Cross-Site Request Forgery (CSRF) vulnerability in the server (license) registration page in Liferay Portal 7.4.0 through 7.4.3.11
4.3
MEDIUM
CVE-2025-43803
<= 7.3
Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and
4.3
MEDIUM
CVE-2025-43804
all versions
Cross-site scripting (XSS) vulnerability in Search widget in Liferay Portal 7.4.3.93 through 7.4.3.111, and Liferay DXP 2023.Q4.0,
6.1
MEDIUM
CVE-2025-43805
>= 2023.Q3.0 and < 2023.Q3.5
Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, and 7.3
5.3
MEDIUM
CVE-2025-43801
< 7.3
Unchecked input for loop condition vulnerability in XML-RPC in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versi
7.5
HIGH
CVE-2025-43802
>= 2023.q3.1 and < 2023.q3.5
Stored cross-site scripting (XSS) vulnerability in a custom object’s /o/c/<object-name> API endpoint in Liferay Portal 7.4.3.51
6.1
MEDIUM
CVE-2025-43797
< 7.3
In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 G
5.4
MEDIUM
CVE-2025-43799
< 7.3
Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.
6.5
MEDIUM
CVE-2025-43798
>= 2023.q3.1 and < 2023.q3.5
Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-
6.5
MEDIUM
CVE-2025-43800
>= 2023.q3.1 and < 2023.q3.5
Cross-site scripting (XSS) vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.
6.1
MEDIUM
CVE-2025-43791
>= 2023.q3.1 and < 2023.q3.5
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.
6.1
MEDIUM
CVE-2025-43792
< 7.3
Remote staging in Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 thr
5.3
MEDIUM
CVE-2025-43793
< 7.3
Liferay Portal 7.4.0 through 7.4.3.105, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.
7.5
HIGH
CVE-2025-43794
< 7.3
Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Lif
4.8
MEDIUM
CVE-2025-43796
>= 2023.Q3.0 and < 2023.Q3.5
Liferay Portal 7.4.0 through 7.4.3.101, and Liferay DXP 2023.Q3.0 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through up
7.5
HIGH
CVE-2025-43795
< 7.3
Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 20
6.1
MEDIUM
CVE-2025-43787
>= 2024.q1.1 and < 2024.q1.21
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0, 2025.Q2.0 t
5.4
MEDIUM
CVE-2025-43789
>= 2024.Q1.1 and < 2024.Q1.10
JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92
5.3
MEDIUM
CVE-2025-43788
>= 2024.Q1.1 and < 2024.Q1.13
The organization selector in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q1.1 through 2024.Q1.12 and 7.4 update 8
4.3
MEDIUM
CVE-2025-43790
>= 2024.Q1.1 and < 2024.Q1.13
Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through
8.1
HIGH
CVE-2025-43782
>= 2024.Q1.1 and < 2024.Q1.13
Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through
4.3
MEDIUM
CVE-2025-43783
>= 2024.Q1.1 and < 2024.Q1.13
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.73 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through
6.1
MEDIUM
CVE-2025-43784
>= 2024.Q1.1 and < 2024.Q1.13
Improper Access Control vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.8, 202
6.5
MEDIUM
CVE-2025-43785
>= 2024.Q1.1 and < 2024.Q1.13
Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 20
6.1
MEDIUM
CVE-2025-43786
>= 2024.Q1.1 and < 2024.Q1.13
Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.
5.3
MEDIUM
CVE-2025-43781
>= 2024.Q1.1 and < 2024.Q1.13
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.110 through 7.4.3.128, and Liferay DXP 2024.Q3.1 throug
6.1
MEDIUM
CVE-2025-43775
>= 2024.Q1.1 and < 2024.Q1.13
Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.
5.4
MEDIUM
CVE-2025-43776
>= 2024.q1.1 and < 2024.q1.20
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025
5.4
MEDIUM
CVE-2025-43777
>= 2024.q1.1 and < 2024.q1.20
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 thro
5.3
MEDIUM
CVE-2025-43778
>= 2024.q1.1 and < 2024.q1.21
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025
6.1
MEDIUM
CVE-2025-43763
>= 2024.q1.1 and < 2024.q1.21
A server-side request forgery (SSRF) vulnerability exists in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0
6.5
MEDIUM
CVE-2025-3586
>= 2023.Q3.1 and <= 2023.Q3.10
In Liferay Portal 7.4.3.27 through 7.4.3.42, and Liferay DXP 2024.Q1.1 through 2024.Q1.20, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1
7.2
HIGH
CVE-2025-43773
>= 2024.Q1.1 and < 2024.Q1.19
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 202
9.1
CRITICAL
CVE-2025-43766
>= 2024.Q1.1 and < 2024.Q1.14
The Liferay Portal 7.4.0 through 7.3.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13,
9.8
CRITICAL
CVE-2025-43765
>= 2024.Q1.1 and < 2024.Q1.14
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 th
6.1
MEDIUM
CVE-2025-43764
>= 2024.Q1.1 and <= 2024.Q1.20
Self-ReDoS (Regular expression Denial of Service) exists with Role Name search field of Kaleo Designer portlet JavaScript in Lifer
6.5
MEDIUM
CVE-2025-43767
>= 2024.Q1.1 and < 2024.Q1.13
Open Redirect vulnerability in /c/portal/edit_info_item parameter redirect in Liferay Portal 7.4.3.86 through 7.4.3.131, and Lifer
6.1
MEDIUM
CVE-2025-43769
>= 2024.Q1.1 and < 2024.Q1.13
Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.
6.1
MEDIUM
CVE-2025-43768
>= 2024.Q1.1 and < 2024.Q1.16
Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 throu
7.7
HIGH
CVE-2025-43770
>= 2024.Q1.1 and < 2024.Q1.13
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 thro
6.1
MEDIUM
CVE-2025-43761
>= 2024.Q1.1 and < 2024.Q1.13
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 thro
6.1
MEDIUM
CVE-2025-43762
>= 2024.Q1.1 and < 2024.Q1.15
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 throug
6.5
MEDIUM
CVE-2025-43759
>= 2024.Q1.1 and < 2024.Q1.15
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024
2.7
LOW
CVE-2025-43758
>= 2024.Q1.1 and < 2024.Q1.16
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 throug
5.3
MEDIUM
CVE-2025-43760
>= 2024.Q1.1 and <= 2024.Q1.20
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 thro
5.4
MEDIUM
CVE-2025-43751
>= 2023.Q3.1 and <= 2023.Q3.10
User enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 t
5.3
MEDIUM
CVE-2025-43752
>= 2024.Q1.1 and < 2024.Q1.16
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 throug
6.5
MEDIUM
CVE-2025-43753
>= 2024.Q1.1 and < 2024.Q1.17
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.132, and Liferay DXP 2025.Q1.0 t
5.4
MEDIUM
CVE-2025-43747
>= 2025.Q2.0 and < 2025.Q2.4
A server-side request forgery (SSRF) vulnerability exists in the Liferay DXP 2025.Q2.0 through 2025.Q2.3 due to insecure domain va
6.5
MEDIUM
CVE-2025-43754
>= 2024.Q1.1 and < 2024.Q1.15
Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3
5.3
MEDIUM
CVE-2025-43756
>= 2024.q1.1 and < 2024.q1.20
A reflected cross-site scripting (XSS) vulnerability in the
5.4
MEDIUM
CVE-2025-43755
>= 2024.Q1.1 and < 2024.Q1.18
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0
5.4
MEDIUM
CVE-2025-43757
>= 2024.Q1.1 and < 2024.Q1.19
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 thro
5.4
MEDIUM
CVE-2025-43746
>= 2024.Q1.1 and < 2024.Q1.19
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 thro
5.4
MEDIUM
CVE-2025-43748
>= 7.0 and <= 7.4
Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 thr
6.8
MEDIUM
CVE-2025-43750
>= 2024.Q1.1 and < 2024.Q1.15
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 throug
6.5
MEDIUM
CVE-2025-43749
>= 2024.Q1.1 and < 2024.Q1.15
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 throug
5.3
MEDIUM
CVE-2025-43742
>= 2024.Q1.1 and < 2024.Q1.15
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 thro
6.1
MEDIUM
CVE-2025-43741
>= 2024.Q1.1 and < 2024.Q1.15
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 thro
5.4
MEDIUM
CVE-2025-43744
>= 2024.q1.1 and < 2024.q1.21
A stored DOM-based Cross-Site Scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 t
5.4
MEDIUM
CVE-2025-43743
>= 2024.Q1.1 and < 2024.Q1.16
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 throug
4.3
MEDIUM
CVE-2025-43745
>= 2024.q1.1 and < 2024.q1.20
A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 202
6.5
MEDIUM
CVE-2025-43737
>= 2025.Q1.0 and < 2025.Q1.16
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8
5.4
MEDIUM
CVE-2025-43738
>= 2024.q1.1 and < 2024.q1.20
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 thro
5.4
MEDIUM
CVE-2025-43739
>= 2024.q1.1 and <= 2024.q1.19
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 throug
4.3
MEDIUM
CVE-2025-43740
>= 2024.Q1.9 and < 2024.Q1.20
A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2
5.4
MEDIUM
CVE-2025-43731
>= 2024.Q1.1 and < 2024.Q1.17
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 thro
5.4
MEDIUM
CVE-2025-43732
>= 2024.Q1.1 and < 2024.Q1.18
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 throu
2.7
LOW
CVE-2025-43733
>= 2025.Q1.0 and < 2025.Q1.8
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7
5.4
MEDIUM
CVE-2025-43734
>= 2024.q1.1 and <= 2024.q1.16
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 thro
5.4
MEDIUM
CVE-2025-43735
>= 2024.q1.1 and <= 2024.q1.12
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 thro
6.1
MEDIUM
CVE-2025-43736
>= 2024.q1.1 and <= 2024.q1.16
A Denial Of Service via File Upload (DOS) vulnerability in the Liferay Portal 7.4.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0
4.3
MEDIUM
CVE-2025-4655
>= 2024.Q1.1 and < 2024.Q1.16
SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5,
5.0
MEDIUM
CVE-2025-4581
>= 2024.q1.1 and <= 2024.q1.15
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 throug
8.6
HIGH
CVE-2025-4576
>= 2024.q1.1 and <= 2024.q1.15
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.133, and Liferay DXP 2025.Q1.0 thro
6.1
MEDIUM
CVE-2025-4604
>= 2024.q1.1 and <= 2024.q1.19
The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2
6.1
MEDIUM
CVE-2025-4599
>= 2024.q1.1 and <= 2024.q1.13
The fragment preview functionality in Liferay Portal 7.4.3.61 through 7.4.3.132, and Liferay DXP 2024.Q4.1 through 2024.Q4.5, 2024
6.1
MEDIUM
CVE-2025-3594
>= 7.0 and <= 7.2
Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay
9.8
CRITICAL
CVE-2025-3526
>= 7.0 and <= 7.2
SessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and old
7.5
HIGH
CVE-2025-3602
>= 2023.q3.1 and <= 2023.q3.2
Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through updat
7.5
HIGH
CVE-2025-4388
>= 2024.Q1.1 and < 2024.Q1.13
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 thro
6.1
MEDIUM
CVE-2025-3760
>= 7.2 and <= 7.4
A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.
5.4
MEDIUM
CVE-2025-2565
>= 2023.Q3.1 and <= 2023.Q3.10
The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3.126, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12
4.3
MEDIUM
CVE-2025-2536
>= 2023.Q3.1 and <= 2023.Q3.10
Cross-site scripting (XSS) vulnerability on Liferay Portal 7.4.3.82 through 7.4.3.128, and Liferay DXP 2024.Q3.0, 2024.Q2.0 throug
6.1
MEDIUM
CVE-2023-37940
>= 7.0 and < 7.3
Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Life
4.8
MEDIUM
CVE-2024-11993
>= 7.1 and < 7.4
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update
6.1
MEDIUM
CVE-2024-8980
>= 6.2 and <= 7.2
The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 9
9.6
CRITICAL
CVE-2024-38002
>= 2023.q3.1 and < 2023.q3.9
The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2
9.0
CRITICAL
CVE-2024-26273
>= 2023.q3.1 and < 2023.q3.6
Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay
8.8
HIGH
CVE-2024-26272
>= 2023.q3.1 and < 2023.q3.6
Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay
8.8
HIGH
CVE-2024-26271
>= 2023.q3.1 and < 2023.q3.6
Cross-site request forgery (CSRF) vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay
8.8
HIGH
CVE-2023-47795
all versions
Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and
9.0
CRITICAL
CVE-2024-25151
< 7.2
The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack
5.4
MEDIUM
CVE-2024-26269
< 7.2
Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Life
9.6
CRITICAL
CVE-2024-26266
< 7.2
Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported version
9.0
CRITICAL
CVE-2024-25603
< 7.2
Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3
9.0
CRITICAL
CVE-2023-42498
all versions
Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97
9.6
CRITICAL
CVE-2023-42496
all versions
Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, a
9.6
CRITICAL
CVE-2023-40191
all versions
Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.
9.0
CRITICAL
CVE-2024-25602
< 7.2
Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and
9.0
CRITICAL
CVE-2024-25601
< 7.2
Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.
9.0
CRITICAL
CVE-2024-25152
< 7.2
Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupport
9.0
CRITICAL
CVE-2024-25147
< 7.2
Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported ver
9.6
CRITICAL
CVE-2021-29038
< 7.2
Liferay Portal 7.2.0 through 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17,
6.3
MEDIUM
CVE-2024-26270
all versions
The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 t
6.5
MEDIUM
CVE-2024-26268
< 7.2
User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 befor
5.3
MEDIUM
CVE-2024-26267
< 7.2
In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update
5.3
MEDIUM
CVE-2024-26265
< 7.2
The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before upd
5.0
MEDIUM
CVE-2024-25610
< 7.2
In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4
9.0
CRITICAL
CVE-2024-25609
< 7.2
HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before updat
6.1
MEDIUM
CVE-2024-25608
< 7.2
HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before updat
6.1
MEDIUM
CVE-2024-25607
< 7.2
The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions
8.1
HIGH
CVE-2024-25606
< 7.2
XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.
8.0
HIGH
CVE-2024-25605
< 7.2
The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before ser
5.3
MEDIUM
CVE-2024-25604
< 7.2
Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 befor
6.5
MEDIUM
CVE-2024-25150
< 7.2
Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, a
4.3
MEDIUM
CVE-2024-25149
< 7.2
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack
5.4
MEDIUM
CVE-2023-44308
all versions
Open redirect vulnerability in adaptive media administration page in Liferay DXP 2023.Q3 before patch 6, and 7.4 GA through update
6.1
MEDIUM
CVE-2023-5190
all versions
Open redirect vulnerability in the Countries Management’s edit region page in Liferay Portal 7.4.3.45 through 7.4.3.101, and Lif
6.1
MEDIUM
CVE-2022-45320
< 7.2
Liferay Portal before 7.4.3.16 and Liferay DXP before 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote
6.3
MEDIUM
CVE-2024-25148
all versions
In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix p
5.4
MEDIUM
CVE-2024-25146
all versions
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack
5.3
MEDIUM
CVE-2024-25144
all versions
The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27,
4.1
MEDIUM
CVE-2023-47798
< 7.2
Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and
5.4
MEDIUM
CVE-2024-25145
< 7.2
Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.
9.6
CRITICAL
CVE-2024-25143
< 7.2
The Document and Media widget in Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before se
6.5
MEDIUM
CVE-2023-42627
all versions
Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Li
9.6
CRITICAL
CVE-2023-42628
all versions
Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 through 7.4.3.87, and Liferay DXP 7.0 f
9.0
CRITICAL
CVE-2023-44311
all versions
Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedire
9.6
CRITICAL
CVE-2023-44310
all versions
Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix p
9.0
CRITICAL
CVE-2023-44309
all versions
Multiple stored cross-site scripting (XSS) vulnerabilities in the fragment components in Liferay Portal 7.4.2 through 7.4.3.53, an
9.0
CRITICAL
CVE-2023-42629
all versions
Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Lifera
9.0
CRITICAL
CVE-2023-42497
all versions
Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85,
9.6
CRITICAL
CVE-2023-3426
all versions
The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check use
4.3
MEDIUM
CVE-2023-3193
all versions
Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and
6.1
MEDIUM
CVE-2023-33950
all versions
Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions
6.5
MEDIUM
CVE-2023-33949
>= 7.0 and <= 7.2
In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify th
5.3
MEDIUM
CVE-2023-33948
all versions
The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files
5.3
MEDIUM
CVE-2023-33947
all versions
The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definit
2.7
LOW
CVE-2023-33946
all versions
The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects i
2.7
LOW
CVE-2023-33945
all versions
SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 be
6.4
MEDIUM
CVE-2023-33944
>= 7.4.0 and <= 7.4.3.68
Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before upd
4.8
MEDIUM
CVE-2023-33943
all versions
Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 up
5.4
MEDIUM
CVE-2023-33942
all versions
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Portal 7.4.3.50,
5.4
MEDIUM
CVE-2023-33941
all versions
Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class i
6.1
MEDIUM
CVE-2023-33940
all versions
Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4
4.8
MEDIUM
CVE-2023-33939
all versions
Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.
5.4
MEDIUM
CVE-2023-33938
all versions
Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.
4.8
MEDIUM
CVE-2023-33937
all versions
Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DX
5.4
MEDIUM
CVE-2022-48367
>= 3.3.0 and < 3.3.18
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.28. Access control based on object state is mishandled.
9.8
CRITICAL
CVE-2022-48366
>= 3.3.0 and < 3.3.20
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack.
3.7
LOW
CVE-2022-48365
>= 3.3.0 and < 3.3.28
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.
7.2
HIGH
CVE-2022-42132
all versions
The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 befor
5.9
MEDIUM
CVE-2022-42131
all versions
Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data provid
4.8
MEDIUM
CVE-2022-42130
all versions
The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pa
4.3
MEDIUM
CVE-2022-42129
all versions
An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.
4.3
MEDIUM
CVE-2022-42128
all versions
The Hypermedia REST APIs module in Liferay Portal 7.4.1 through 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permission
5.3
MEDIUM
CVE-2022-42127
all versions
The Friendly Url module in Liferay Portal 7.4.3.5 through 7.4.3.36, and Liferay DXP 7.4 update 1 through 36 does not properly check
5.3
MEDIUM
CVE-2022-42126
all versions
The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before updat
4.3
MEDIUM
CVE-2022-42125
all versions
Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 through 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34
7.5
HIGH
CVE-2022-42124
all versions
ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 through 7.4.3.4 and Liferay DXP 7.2 fix pack
7.5
HIGH
CVE-2022-42123
all versions
A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before updat
7.5
HIGH
CVE-2022-42121
all versions
A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27
8.8
HIGH
CVE-2022-42118
all versions
A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1
6.1
MEDIUM
CVE-2022-42111
all versions
A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Li
5.4
MEDIUM
CVE-2022-42110
all versions
A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1
6.1
MEDIUM
CVE-2022-42112
< 7.2
A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and
5.4
MEDIUM
CVE-2022-28977
all versions
HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 throug
6.1
MEDIUM
CVE-2022-28979
all versions
Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3
6.1
MEDIUM
CVE-2022-28978
all versions
Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 t
5.4
MEDIUM
CVE-2022-26597
< 7.3
Cross-site scripting (XSS) vulnerability in the Layout module's Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and
6.1
MEDIUM
CVE-2022-26596
all versions
Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 throug
6.1
MEDIUM
CVE-2022-26595
all versions
Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permissio
4.3
MEDIUM
CVE-2022-26593
< 7.3
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, an
5.4
MEDIUM
CVE-2022-25146
<= 7.4
The Remote App module in Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not chec
5.3
MEDIUM
CVE-2021-38269
all versions
Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP
5.4
MEDIUM
CVE-2021-38267
< 7.3
Cross-site scripting (XSS) vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 through 7.3.6, and Lif
5.4
MEDIUM
CVE-2021-38265
<= 7.3
Cross-site scripting (XSS) vulnerability in the Asset module in Liferay Portal 7.3.4 through 7.3.6 allows remote attackers to injec
5.4
MEDIUM
CVE-2021-38263
all versions
Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and earlier, and Liferay DX
6.1
MEDIUM
CVE-2021-38266
all versions
The Portal Security module in Liferay Portal 7.2.1 and earlier, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17 and
7.5
HIGH
CVE-2021-38268
< 7.2.1
The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pac
6.5
MEDIUM
CVE-2021-33338
all versions
The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 6, expose
7.5
HIGH
CVE-2021-33337
all versions
Cross-site scripting (XSS) vulnerability in the Document Library module's add document menu in Liferay Portal 7.3.0 through 7.3.4,
6.1
MEDIUM
CVE-2021-33339
all versions
Cross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 through 7.3.4, and Liferay DXP 7.2 before
4.8
MEDIUM
CVE-2021-33336
all versions
Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and Lifer
5.4
MEDIUM
CVE-2021-33335
all versions
Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before f
7.2
HIGH
CVE-2021-33334
all versions
The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack
4.3
MEDIUM
CVE-2021-33333
all versions
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and
6.3
MEDIUM
CVE-2021-33332
all versions
Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DX
6.1
MEDIUM
CVE-2021-33331
all versions
Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix pack
6.1
MEDIUM
CVE-2021-33330
all versions
Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pack 9, allows access to Cross-origin resource sharing (CORS) p
4.3
MEDIUM
CVE-2021-33328
all versions
Cross-site scripting (XSS) vulnerability in the Asset module's edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Lif
5.4
MEDIUM
CVE-2021-33327
all versions
The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack 93 and 94, 7.1 fix pack
4.3
MEDIUM
CVE-2021-33326
all versions
Cross-site scripting (XSS) vulnerability in the Frontend JS module in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before
6.1
MEDIUM
CVE-2021-33325
all versions
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19, an
4.9
MEDIUM
CVE-2021-33324
all versions
The Layout module in Liferay Portal 7.1.0 through 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does n
4.3
MEDIUM
CVE-2021-33323
all versions
The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix
7.5
HIGH
CVE-2021-33322
all versions
In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 18, and 7.2 before fix pack 5, pa
7.5
HIGH
CVE-2021-33320
all versions
The Flags module in Liferay Portal 7.3.1 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 befo
4.3
MEDIUM
CVE-2021-29049
all versions
Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99,
6.1
MEDIUM
CVE-2021-29051
all versions
Cross-site scripting (XSS) vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and Life
6.1
MEDIUM
CVE-2021-29048
all versions
Cross-site scripting (XSS) vulnerability in the Layout module's page administration page in Liferay Portal 7.3.4, 7.3.5 and Lifera
6.1
MEDIUM
CVE-2021-29044
all versions
Cross-site scripting (XSS) vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0 thro
6.1
MEDIUM
CVE-2021-29043
all versions
The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2
5.9
MEDIUM
CVE-2021-29040
< 7.0
The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2
5.3
MEDIUM
CVE-2020-15840
all versions
In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id
5.3
MEDIUM
CVE-2020-15839
all versions
Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a mul
6.5
MEDIUM
CVE-2020-15842
all versions
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man
8.1
HIGH
CVE-2020-15841
all versions
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not s
8.3
HIGH