5 matches found
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the comliferaychangetrackingwebportletPublicationsPortletctCollectionId parameter. An attacker can access unauthorized publication edit pages by manipulating this parameter. Remediati...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the comliferaychangetrackingwebportletPublicationsPortletvalue parameter. An attacker can access and modify publication comments by sending crafted URLs as an authenticated user. Remediation Upgrade...
CVE-2025-62244
Insecure direct object reference IDOR vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through update 36 allows remote authenticated attackers to view the edi...
PT-2025-41793
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.1 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q4.5 Description An insecure direct object reference IDOR exists in the Publications feature. This allows remotely authenticated attackers to view the...
PT-2025-41798
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.1 through 7.4.3.112 Liferay DXP versions 2023.Q3.1 through 2023.Q3.8 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Liferay DXP 7.4 GA through update 92 Description An insecure direct object reference IDOR issue...