GHSA-J4F7-GJ7Q-XG9M Liferay has Incorrect Permission Assignment for Critical Resource

Liferay Portal 7.3.0 through 7.4.3.119, and Liferay DXP 2023.Q3.1 through 2023.Q3.8, 2023.Q4.0 through 2023.Q4.5, 7.4 GA through update 92 and 7.3 GA though update 36 shows content to users who do not have permission to view it via the Menu Display Widget. This security flaw could result in...

EUVD-2025-31650

Malicious code in bioql PyPI...

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

PT-2022-17949 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.1.0 through 7.3.3 Liferay DXP 7.0 before fix pack 94 Liferay DXP 7.1 before fix pack 19 Liferay DXP 7.2 before fix pack 8 Description: A cross-site scripting XSS issue exists in the Journal module's web content displ...