Lucene search
K

5 matches found

Snyk
Snyk
added 2025/10/13 6:31 p.m.2 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the comliferaychangetrackingwebportletPublicationsPortletctCollectionId parameter. An attacker can access unauthorized publication edit pages by manipulating this parameter. Remediati...

4.8CVSS7AI score0.00264EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/13 6:31 p.m.2 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the comliferaychangetrackingwebportletPublicationsPortletvalue parameter. An attacker can access and modify publication comments by sending crafted URLs as an authenticated user. Remediation Upgrade...

5.4CVSS6.9AI score0.00225EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/13 4:53 p.m.11 views

CVE-2025-62244

Insecure direct object reference IDOR vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through update 36 allows remote authenticated attackers to view the edi...

4.8CVSS0.00264EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/13 12:0 a.m.9 views

PT-2025-41793

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.3.1 through 7.4.3.111 Liferay DXP versions 2023.Q3.1 through 2023.Q4.5 Description An insecure direct object reference IDOR exists in the Publications feature. This allows remotely authenticated attackers to view the...

4.8CVSS6.5AI score0.00264EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/10/13 12:0 a.m.7 views

PT-2025-41798

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.1 through 7.4.3.112 Liferay DXP versions 2023.Q3.1 through 2023.Q3.8 Liferay DXP versions 2023.Q4.0 through 2023.Q4.5 Liferay DXP 7.4 GA through update 92 Description An insecure direct object reference IDOR issue...

5.4CVSS6.4AI score0.00225EPSS
Exploits0References12
Rows per page
Query Builder