Liferay Portal和Liferay DXP 跨站请求伪造漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DX...

Liferay Portal Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in the server license registration page in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, and older unsupported versions allow...

Cross-site Request Forgery (CSRF)

Overview com.liferay.portal:portal-service is a portal service package for Liferay. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the orderUuid parameter in the server license registration process. An attacker can register a server license without...

CVE-2025-43809

Cross-Site Request Forgery CSRF vulnerability in the server license registration page in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, and older unsupported versions allow...

CVE-2025-43809

Cross-Site Request Forgery CSRF vulnerability in the server license registration page in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, and older unsupported versions allow...

CVE-2025-43809

The CVE-2025-43809 CSRF issue affects Liferay Portal/ Liferay DXP, specifically server license registration via the orderUuid parameter. Affected products/versions include Liferay Portal 7.4.0–7.4.3.111 and older unsupported versions, and Liferay DXP 2023.Q4.0–2023.Q4.7, 2023.Q3.1–2023.Q3.9, plus...

PT-2025-38613

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q3.9 Liferay DXP versions 2023.Q4.0 through 2023.Q4.7 Liferay Portal 7.4 GA through update 92 Description A Cross-Site Request Forgery CSRF vulnerabili...