Lucene search
K

5 matches found

OSV
OSV
added 2025/10/13 6:31 p.m.2 views

GHSA-2HFJ-JV6Q-762V Liferay Publications vulnerable to Authorization Bypass Through User-Controlled Key

Insecure direct object reference IDOR vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through update 36 allows remote authenticated attackers to view the edi...

4.8CVSS6.8AI score0.00264EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/10/13 6:31 p.m.10 views

Liferay Publications is vulnerable to Incorrect Authorization

Insecure direct object reference IDOR vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the...

5.4CVSS6.8AI score0.00225EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/10/13 6:31 p.m.5 views

GHSA-894W-W643-QVXV Liferay Publications is vulnerable to Incorrect Authorization

Insecure direct object reference IDOR vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the...

5.3CVSS6.8AI score0.00225EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/10/13 5:14 p.m.2 views

CVE-2025-62243

Insecure direct object reference IDOR vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the...

5.3CVSS6.4AI score0.00225EPSS
Exploits0References1
CVE
CVE
added 2025/10/13 4:53 p.m.16 views

CVE-2025-62244

CVE-2025-62244 (Liferay Publications IDOR) affects Liferay Portal 7.3.1–7.4.3.111 and Liferay DXP 2023.Q4.0–2023.Q4.5, 2023.Q3.1–2023.Q3.8, plus 7.4 GA up to update 92 and 7.3 GA up to update 36. An insecure direct object reference via the parameter _com_liferay_change_tracking_web_portlet_Public...

4.8CVSS6.4AI score0.00264EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder