Lucene search
K

234 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:55 a.m.11 views

CVE-2022-38902

A Cross-site scripting XSS vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic...

5.4CVSS5.9AI score0.00535EPSS
Exploits1References1
Veracode
Veracode
added 2025/12/13 5:26 a.m.5 views

Insecure Storage Of Sensitive Information

Liferay Portal and Liferay DXP are vulnerable to insecure storage of sensitive information. The vulnerability is due to storing password reset tokens in plain text in the database, which allows an attacker with database access to retrieve the token, reset a user’s password, and take over the user...

6.9CVSS5.8AI score0.00228EPSS
Exploits0References4Affected Software2
Veracode
Veracode
added 2025/12/13 5:8 a.m.6 views

Denial Of Service (DoS)

Liferay Portal and Liferay DXP are vulnerable to denial-of-service DoS. The vulnerability is due to the absence of limits on the number of objects returned from Headless API requests, which allows an attacker to exploit the application by sending requests that retrieve an excessively large number...

7.5CVSS5.8AI score0.00351EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/11/01 3:30 a.m.6 views

GHSA-XF7M-V66Q-76W8 Liferay Portal and DXP do not check permissions of images in a blog entry

Blogs in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions does not check permission of images in a blog entry, which allows remote attackers ...

6.9CVSS6.9AI score0.00267EPSS
Exploits0References6
OSV
OSV
added 2025/10/31 9:31 p.m.28 views

GHSA-Q285-WFPG-93HR Liferay Portal and DXP affected by multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page

Multiple cross-site scripting XSS vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary we...

6.1CVSS5.9AI score0.00214EPSS
Exploits0References4
OSV
OSV
added 2025/10/31 6:31 p.m.6 views

GHSA-2J97-4JMQ-C4XF Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter

Reflected cross-site scripting XSS vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the...

6.1CVSS5.8AI score0.00221EPSS
Exploits0References3
OSV
OSV
added 2025/10/30 6:15 p.m.4 views

CVE-2025-62266

By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions is vulnerable to DNS rebinding attacks, which allow...

6.1CVSS6.6AI score0.00384EPSS
Exploits0References1
NVD
NVD
added 2025/10/30 12:15 a.m.7 views

CVE-2025-62257

Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote attackers t...

6.3CVSS0.00368EPSS
Exploits0References1
CVE
CVE
added 2025/10/27 7:38 p.m.13 views

CVE-2025-62263

CVE-2025-62263 affects Liferay Portal/DXP versions ranging from 7.3.7 to 7.4.3.103 and 2023.Q3.1–2023.Q3.4, including 7.4 GA up to update 92 and 7.3 SP3 up to update 36. The flaw is multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or H...

5.4CVSS5.5AI score0.00202EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2025/10/27 12:0 a.m.7 views

PT-2025-44063

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3 GA through update 35 Liferay Portal versions 7.4.0 through 7.4.3.107 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay Portal versions 7.4 GA through update 92 Description A Cross-Site Request Forgery CSRF...

7CVSS7AI score0.00167EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2025/10/23 1:41 p.m.2 views

CVE-2025-62256

Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly restrict access to OpenAPI in certain circumstances, which allows remote attackers...

6.9CVSS6.4AI score0.00384EPSS
Exploits0References1
CVE
CVE
added 2025/10/23 1:41 p.m.19 views

CVE-2025-62256

Connected documents describe DNS rebinding vulnerabilities affecting Liferay Portal 7.4.0–7.4.3.119 and various Liferay DXP versions (e.g., 2023.Q3.1–2023.Q4.10, 2024.Q1.1–2024.Q1.5, 7.4 GA through update 92). Problems allow remote attackers to redirect users to arbitrary URLs by abusing redirect...

6.9CVSS6.4AI score0.00384EPSS
Exploits0References1Affected Software2
EUVD
EUVD
added 2025/10/22 9:31 p.m.7 views

EUVD-2025-35627

Liferay Portal and DXP are Missing Authorization in Collection Provider...

2CVSS6.4AI score0.00242EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/22 12:0 a.m.6 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

4.8CVSS5.9AI score0.00216EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/21 6:12 p.m.15 views

EUVD-2025-35212

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0 through 2025.Q3.2, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13,...

6.9CVSS5.4AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/13 9:23 p.m.3 views

CVE-2025-62251

Liferay Portal 7.3.0 through 7.4.3.119, and Liferay DXP 2023.Q3.1 through 2023.Q3.8, 2023.Q4.0 through 2023.Q4.5, 7.4 GA through update 92 and 7.3 GA though update 36 shows content to users who do not have permission to view it via the Menu Display Widget. This security flaw could result in...

4.8CVSS6AI score0.00251EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/13 12:0 a.m.4 views

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

5.4CVSS5.8AI score0.00205EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/13 12:0 a.m.5 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

6.5CVSS6.2AI score0.00251EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/10 7:12 p.m.10 views

CVE-2025-62245

Cross-site request forgery CSRF vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments...

5.1CVSS0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/10 3:31 p.m.5 views

EUVD-2025-33721

Liferay Portal Commerce is vulnerable to XSS through account "name" field...

4.8CVSS5.8AI score0.00205EPSS
Exploits0References4
Rows per page
Query Builder