Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/10/07 11:13 p.m.11 views

CVE-2025-43824

The Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...

4.8CVSS6.8AI score0.00217EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:31 a.m.21 views

EUVD-2025-32592

The Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...

4.8CVSS6.3AI score0.00217EPSS
Exploits0References2
OSV
OSV
added 2025/10/07 12:31 a.m.61 views

GHSA-PFXJ-GVQG-MJ44 Liferay Profile Widget does not prevent vCard extension spoofing

The Profile Widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...

4.8CVSS6.4AI score0.00217EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/10/07 12:31 a.m.8 views

Liferay Profile Widget does not prevent vCard extension spoofing

The Profile Widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...

5.4CVSS6.5AI score0.00217EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2025/10/06 10:15 p.m.48 views

CVE-2025-43824

The Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...

5.4CVSS0.00217EPSS
Exploits0References1
CVE
CVE
added 2025/10/06 10:5 p.m.22 views

CVE-2025-43824

The CVE-2025-43824 affects the Profile widget in Liferay Portal 7.4.0–7.4.3.111 (and older unsupported versions) and Liferay DXP 2023.Q3–2023.Q4 and 7.4 GA up to update 92. The root cause is a user name being included in the Content-Disposition header, allowing remote authenticated users to chang...

5.4CVSS6.4AI score0.00217EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2025/10/06 10:5 p.m.41 views

CVE-2025-43824

The Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...

4.8CVSS0.00217EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/06 10:5 p.m.4 views

CVE-2025-43824

The Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows...

4.8CVSS6.4AI score0.00217EPSS
Exploits0References1
Rows per page
Query Builder