Lucene search
+L

5 matches found

Veracode
Veracode
added 2025/11/03 3:54 a.m.5 views

Missing Authorization

com.liferay, com.liferay.asset.display.page.service is vulnerable to Missing Authorization. The vulnerability is due to missing authorization checks when users attempt to view display page templates, which allows an attacker to access these templates through crafted URLs...

6.9CVSS6.6AI score0.00271EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2025/10/08 3:32 p.m.4 views

Cross-site Scripting (XSS)

Overview com.liferay:com.liferay.asset.publisher.web is a portal for Liferay. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Notifications widget when processing user-supplied input in text fields such as First Name, Middle Name, Last Name, Other Reason, or t...

5.4CVSS5.5AI score0.00197EPSS
Exploits0References2
OSV
OSV
added 2025/09/29 10:15 p.m.7 views

CVE-2025-43811

Multiple stored cross-site scripting XSS vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allows remote authenticated attackers to inject arbitrar...

5.4CVSS5.4AI score0.00205EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/21 8:36 p.m.5 views

CVE-2025-43744

A stored DOM-based Cross-Site Scripting XSS vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and...

5.1CVSS5.8AI score0.00166EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2022/05/24 7:9 p.m.6 views

com.liferay:com.liferay.asset.publisher.web (>=1.0.0 <=1.8.11), com.liferay:com.liferay.blogs.web (>=1.0.0 <=2.0.4) +3 more potentially affected by CVE-2021-33320 via com.liferay:com.liferay.flags.taglib (=2.0.0)

com.liferay:com.liferay.flags.taglib MAVEN version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on com.liferay:com.liferay.flags.taglib and may be impacted: - com.liferay:com.liferay.asset.publisher.web =1.0.0, =1.0.0, =2.0.0, =1.0.0, =1.3.0...

4.3CVSS5.8AI score0.01195EPSS
Exploits0
Rows per page
Query Builder