15 matches found
Insecure Direct Object Reference (IDOR)
Liferay Portal, including Liferay DXP, is vulnerable to an Insecure Direct Object Reference (IDOR). The vulnerability is due to the Contacts Center widget directly exposing the _com_liferay_contacts_web_portlet_ContactsCenterPortlet_entryId parameter without proper authorization checks. An attacker can use...
EUVD-2005-0369
Malware in sbrugna...
EUVD-2005-3515
Malware in sbrugna...
CVE-2025-43803
Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows...
GHSA-8C8V-R5JJ-4425 Liferay Contacts Center widget has insecure direct object reference
Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows...
Liferay Contacts Center widget has insecure direct object reference
Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the entryId parameter. An attacker can access sensitive contact information, such as names and email addresses, by supplying arbitrary identifiers to the parameter. Remediation Upgrad...
CVE-2025-43803
Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows...
CVE-2025-43803
The CVE-2025-43803 case affects Liferay Portal and Liferay DXP where the Contacts Center widget directly exposes the entryId parameter (_com_liferay_contacts_web_portlet_ContactsCenterPortlet_entryId) leading to an Insecure Direct Object Reference (IDOR). Affected versions include Liferay Portal ...
CVE-2025-43803
Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows...
PT-2025-38612
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.0 through 7.4.3.119 Liferay DXP versions 2023.Q3.1 through 2023.Q3.10 Liferay DXP versions 2023.Q4.0 through 2023.Q4.6 Liferay Portal versions 7.4 GA through update 92 Description An insecure direct object reference...
U.S. Dept Of Defense: SQL Injection - entryid parameter in 'formbuilderv2-confirmation.php'
A SQL injection vulnerability was discovered in the 'entryid' parameter of the 'formbuilderv2-confirmation.php' script on the website. The vulnerability allowed for the manipulation of SQL queries executed by the backend database...
CVE-2014-2511
Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop before 6.7 SP1 P28 and 6.7 SP2 before P14 allow remote attackers to inject arbitrary web script or HTML via the (1) startat or (2) entryId parameter...
CVE-2005-3516
Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Directory script allows remote attackers to inject arbitrary web script or HTML via the entryID parameter...
CVE-2005-3516
Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Directory script allows remote attackers to inject arbitrary web script or HTML via the entryID parameter...