Lucene search
K

16 matches found

Positive Technologies
Positive Technologies
added 2025/10/31 12:0 a.m.7 views

PT-2025-44693

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q4.10 Liferay Portal 7.4 GA through update 92 Description The Document Library and Adaptive Media modules are affected by an issue where an incorrect...

5.5CVSS6.4AI score0.00123EPSS
Exploits0References18
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.6 views

PT-2025-44440

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.119 Liferay DXP versions 2023.Q3.1 through 2023.Q4.10 Liferay DXP versions 2024.Q1.1 through 2024.Q1.5 Liferay Portal versions 7.4 GA through update 92 Older unsupported versions Description The...

6.9CVSS6.8AI score0.00384EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.5 views

PT-2025-44448

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q4.10 Liferay Portal versions 7.3 GA through update 36 Liferay DXP versions 7.4 GA through update 92 Description A cross-site scripting XSS issue exist...

4.8CVSS5.8AI score0.00201EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/10/27 9:44 p.m.9 views

CVE-2025-62260

Liferay Portal 7.4.0 through 7.4.3.99, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number of objects returned from Headless API requests, which allows remote attackers to perform denial-of-servi...

7.1CVSS0.00351EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/27 12:0 a.m.3 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

6.9CVSS6.5AI score0.00228EPSS
Exploits0References2
OSV
OSV
added 2025/10/21 9:33 p.m.4 views

GHSA-RX48-GQC2-4W47 Liferay Portal reflected cross-site scripting (XSS) vulnerability in the google_gaget

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q3.0 through 2025.Q3.2, 2025.Q2.0 through 2025.Q2.12, 2025.Q1.0 through 2025.Q1.17, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13,...

6.9CVSS5.9AI score0.00224EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/10/13 12:0 a.m.4 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

5.4CVSS6.4AI score0.0022EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/10 12:0 a.m.4 views

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

5.4CVSS5.8AI score0.00203EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/08 12:0 a.m.3 views

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

6.1CVSS5.7AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/17 8:52 p.m.4 views

CVE-2025-43799

Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has changed their initial password, whi...

6.9CVSS6.9AI score0.00244EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/03/20 12:0 a.m.5 views

PT-2025-12357

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.126 Liferay DXP versions 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92 Description The...

5.1CVSS6.6AI score0.00252EPSS
Exploits0References9
Cvelist
Cvelist
added 2024/10/22 2:6 p.m.46 views

CVE-2024-26271

Cross-site request forgery CSRF vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through update 36 allows remote attackers to 1 change us...

8.8CVSS0.00342EPSS
Exploits0References1
NVD
NVD
added 2024/02/21 2:15 p.m.11 views

CVE-2023-47795

Stored cross-site scripting XSS vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected...

9CVSS7.3AI score0.00614EPSS
Exploits0References1
OSV
OSV
added 2024/02/21 3:30 a.m.33 views

GHSA-54PV-R62J-9QQC Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting

Reflected cross-site scripting XSS vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the...

9.6CVSS6.8AI score0.00611EPSS
Exploits0References3
Prion
Prion
added 2024/02/21 3:15 a.m.21 views

Cross site scripting

Reflected cross-site scripting XSS vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the...

6.8CVSS5.9AI score0.00611EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/21 2:21 a.m.14 views

CVE-2023-42496

Reflected cross-site scripting XSS vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the...

9.6CVSS5.7AI score0.00611EPSS
Exploits0References1
Rows per page
Query Builder