Lucene search
K

22 matches found

Veracode
Veracode
added 2025/11/25 9:27 a.m.7 views

Improper Access Control

liferay-portal is vulnerable to an Improper Access Control. The vulnerability is due to virtual products being saved with guest view permissions, where the Commerce component stores uploaded product files in Documents and Media without restricting access. An attacker can exploit this by requestin...

6.9CVSS6.9AI score0.00346EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-30241

Malicious code in bioql PyPI...

6.9CVSS6.4AI score0.00346EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-29222

Malicious code in bioql PyPI...

4.8CVSS6.4AI score0.00199EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/21 9:23 p.m.12 views

CVE-2025-43808

The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and 7.3 service pack 3 through update 35 saves virtual products uploaded to Documents and Media with guest view permission, which...

6.9CVSS6.9AI score0.00346EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/21 12:0 a.m.5 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

6.9CVSS6.5AI score0.00346EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/19 9:31 p.m.1 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the Commerce component assigning guest view permissions to uploaded virtual products in Documents and Media. An attacker can access and download virtual products without...

6.9CVSS6.6AI score0.00346EPSS
Exploits0References2
OSV
OSV
added 2025/09/19 9:31 p.m.8 views

GHSA-CHR3-W547-85HW Liferay Portal Commerce component has Incorrect Permission Assignment for Critical Resource

The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and 7.3 Service Pack 3 through update 35 saves virtual products uploaded to Documents and Media with guest view permission, which...

6.9CVSS6.5AI score0.00346EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/09/19 9:31 p.m.13 views

Liferay Portal Commerce component has Incorrect Permission Assignment for Critical Resource

The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and 7.3 Service Pack 3 through update 35 saves virtual products uploaded to Documents and Media with guest view permission, which...

6.9CVSS6.6AI score0.00346EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2025/09/19 9:15 p.m.6 views

CVE-2025-43808

The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and 7.3 service pack 3 through update 35 saves virtual products uploaded to Documents and Media with guest view permission, which...

5.3CVSS6.8AI score0.00346EPSS
Exploits0References1
NVD
NVD
added 2025/09/19 9:15 p.m.12 views

CVE-2025-43808

The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and 7.3 service pack 3 through update 35 saves virtual products uploaded to Documents and Media with guest view permission, which...

6.9CVSS0.00346EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/19 8:37 p.m.1 views

CVE-2025-43808

The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and 7.3 service pack 3 through update 35 saves virtual products uploaded to Documents and Media with guest view permission, which...

6.9CVSS6.5AI score0.00346EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/19 8:37 p.m.10 views

CVE-2025-43808

The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and 7.3 service pack 3 through update 35 saves virtual products uploaded to Documents and Media with guest view permission, which...

6.9CVSS0.00346EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/19 12:0 a.m.12 views

PT-2025-38626

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.0 through 7.4.3.112 Liferay DXP versions 2023.Q4.0 through 2023.Q4.8 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay Portal 7.4 GA through update 92 Liferay Portal 7.3 service pack 3 through update 35...

6.9CVSS6.6AI score0.00346EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/09/17 6:45 p.m.5 views

CVE-2025-43791

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected...

4.8CVSS5.9AI score0.00199EPSS
Exploits0References1
OSV
OSV
added 2025/09/15 6:31 p.m.3 views

GHSA-5C6V-FQCW-W6Q5 Liferay Portal vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected...

4.8CVSS6AI score0.00199EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/09/15 6:31 p.m.11 views

Liferay Portal vulnerable to Cross-site Scripting

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected...

6.1CVSS5.9AI score0.00199EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/09/15 6:15 p.m.4 views

CVE-2025-43791

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected...

6.1CVSS0.00199EPSS
Exploits0References1
OSV
OSV
added 2025/09/15 6:15 p.m.4 views

CVE-2025-43791

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected...

6.1CVSS5.8AI score0.00199EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/15 6:8 p.m.2 views

CVE-2025-43791

Multiple cross-site scripting XSS vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected...

4.8CVSS5.5AI score0.00199EPSS
Exploits0References1
CVE
CVE
added 2025/09/15 6:8 p.m.19 views

CVE-2025-43791

CVE-2025-43791 corresponds to multiple XSS flaws in Liferay Portal 7.3.0–7.4.3.111 and Liferay DXP 2023.Q4.0, 2023.Q3.1–2023.Q3.4, 7.4 GA–update 92, 7.3 GA–update 36.** The root cause is improper validation in the Data Engine’s Rich Text field, allowing remote attackers to inject arbitrary web sc...

6.1CVSS5.5AI score0.00199EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder