liferay

340 tracked vulnerabilities.

CVE-2025-62241 MEDIUM
Liferay DXP 2023.Q4.1-2023.Q4.5 - Authenticated Insecure Direct Object Reference via Commerce Order ID Parameter
Oct 13, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-62243 MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.8 - Authenticated IDOR in Publications Comments
Oct 13, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-62244 MEDIUM
Liferay Portal 7.3.1-7.4.3.111 & DXP 2023.Q3.1-2023.Q3.8 - IDOR via Publications Portlet
Oct 13, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-62245 MEDIUM
Liferay Portal 7.4.1-7.4.3.112 and DXP 2023.Q3.1-2023.Q3.10 - Cross-Site Request Forgery
Oct 10, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-62239 MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.8 & 2023.Q4.0-2023.Q4.5 - Authenticated Stored XSS in Workflow Process Builder
Oct 10, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-62238 MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.8 & 7.4.3.21-7.4.3.111 - Authenticated Stored XSS via Account Name
Oct 10, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-62237 MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.8 and 7.4.3.8-7.4.3.111 - Stored Cross-Site Scripting in Commerce View Order Page
Oct 10, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-62240 MEDIUM
Liferay Digital Experience Platform 2023.Q3.1-2023.Q3.7 - Cross-Site Scripting via Calendar Event User Name Fields
Oct 09, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43771 MEDIUM
Liferay Portal 7.4.3.102-7.4.3.111 & DXP 2023.Q3.1-2023.Q3.10, 2023.Q4.0-2023.Q4.5 - Stored XSS in Notifications Widget
Oct 08, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43830 MEDIUM
Liferay Portal 7.3.2-7.4.3.111 & DXP - Stored XSS in Forms Rich Text Field
Oct 08, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-43829 MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.8 - Stored Cross-Site Scripting via SVG File Upload
Oct 08, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43821 MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.8 - Stored Cross-Site Scripting in Commerce Product Comparison Table Widget
Oct 08, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43822 MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.8 & 7.4.3.15-7.4.3.111 - Stored XSS in Terms and Conditions Name Field
Oct 07, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43823 MEDIUM
Liferay Portal 7.4.0-7.4.3.111 & DXP 2023.Q3.1-2023.Q3.8 - Stored XSS in Commerce Search Result Widget
Oct 07, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43824 MEDIUM
Liferay Portal 7.4.0-7.4.3.111 & DXP 2023.Q4.0-2023.Q4.5 - Authenticated File Extension Manipulation
Oct 06, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43825 MEDIUM
Liferay Portal <7.4.3.132 & DXP - Info Disclosure
Oct 03, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-43826 MEDIUM
Liferay Portal 7.4.0-7.4.3.112 and DXP 2023.Q4.0-2023.Q4.8 - Stored Cross-Site Scripting in Web Content Translation
Sep 30, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43827 MEDIUM
Liferay Portal 7.4.0-7.4.3.117 & DXP 2024.Q1.1-2024.Q1.5 - IDOR via Audit Event ID
Sep 30, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-43817 MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.8 & 7.4.3.74-7.4.3.111 - Reflected XSS via Redirect
Sep 29, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-43813 HIGH
Liferay DXP <7.3 & 7.4.0-7.4.3.107 - Path Traversal & DoS via ComboServlet
Sep 29, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-43812 MEDIUM
Liferay Digital Experience Platform < 2023.Q3.9 - XSS
Sep 29, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43820 MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.6 - XSS via Calendar Widget User Invitation
Sep 29, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43818 MEDIUM
Liferay Digital Experience Platform 2023.Q3.1-2023.Q3.6 - Cross-Site Scripting in Calendar Widget Name Field
Sep 29, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-43815 MEDIUM
Liferay Portal 7.4.3.102-7.4.3.110 & DXP 2023.Q4.0-2023.Q4.2 - XSS via backURLTitle
Sep 29, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-43811 MEDIUM
Liferay DXP 2023.Q3.1-Q3.7 - Authenticated Stored XSS via Asset Author Name
Sep 29, 2025
CVSS 5.4
EPSS 0.00