2 matches found
GHSA-CHR3-W547-85HW Liferay Portal Commerce component has Incorrect Permission Assignment for Critical Resource
The Commerce component in Liferay Portal 7.3.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and 7.3 Service Pack 3 through update 35 saves virtual products uploaded to Documents and Media with guest view permission, which...
PT-2025-38626
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.0 through 7.4.3.112 Liferay DXP versions 2023.Q4.0 through 2023.Q4.8 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay Portal 7.4 GA through update 92 Liferay Portal 7.3 service pack 3 through update 35...