16 matches found
Cross-Site Request Forgery (CSRF)
com.liferay, com.liferay.change.tracking.web is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to insufficient request-validation mechanisms, which allows an attacker to trick users into unknowingly performing actions that add or edit publication comments...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the _com_liferay_change_tracking_web_portlet_PublicationsPortlet_value parameter. An attacker can access and modify publication comments by sending crafted URLs as an authenticated user. Remediation: Upgrade...
Liferay Publications is vulnerable to Incorrect Authorization
Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the...
EUVD-2025-34073
Liferay Publications is vulnerable to Incorrect Authorization...
CVE-2025-62243
CVE-2025-62243 is an insecure direct object reference (IDOR) in Liferay Publications. Affected: Liferay Portal 7.4.1–7.4.3.112 and Liferay DXP 2023.Q3.1–Q3.8, 2023.Q4.0–Q4.5, plus 7.4 GA up to update 92. Description indicates remote authenticated users can view and edit publication comments via t...
PT-2025-41798
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.1 through 7.4.3.112; Liferay DXP versions 2023.Q3.1 through 2023.Q3.8; Liferay DXP versions 2023.Q4.0 through 2023.Q4.5; Liferay DXP 7.4 GA through update 92. Description: An insecure direct object reference (IDOR) issue...
CVE-2025-62245
Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments...
GHSA-9676-RH83-CR86 Liferay Portal is vulnerable to CSRF through publication comments
Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments...
EUVD-2025-33771
Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments...
Liferay Portal is vulnerable to CSRF through publication comments
Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments...
CVE-2025-62245
Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments...
CVE-2025-62245
Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments...
CVE-2025-62245
CVE-2025-62245 affects Liferay Portal 7.4.1–7.4.3.112 and Liferay DXP 2023.Q4.0–2023.Q4.5, 2023.Q3.1–2023.Q3.10, and 7.4 GA through update 92. It is a Cross‑Site Request Forgery (CSRF) vulnerability that lets remote attackers add and edit publication comments via the affected web interfaces. The ...
CVE-2025-62245
Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments...
CVE-2025-62245
Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments...
PT-2025-41603
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.1 through 7.4.3.112; Liferay DXP versions 2023.Q3.1 through 2023.Q3.10; Liferay DXP versions 2023.Q4.0 through 2023.Q4.5. Description: A cross-site request forgery (CSRF) issue exists. This allows remote attackers to add...