Liferay
340 tracked vulnerabilities.
CVE-2025-43816
HIGH
Liferay Digital Experience Platform - Memory Leak in StructuredContents Headless API
Sep 25, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-43819
MEDIUM
Liferay Portal 7.4.3.121-7.4.3.131 and Liferay DXP 2024.Q1.1-2024.Q1.12 - Unauthenticated Session Reuse via SLO API
Sep 24, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-43779
MEDIUM
Liferay Portal 7.4.0-7.4.3.112 & DXP 2024.Q1.1-2024.Q1.18 - Authenticated XSS via productTypeName
Sep 24, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-43814
MEDIUM
Liferay Portal <7.4.3.112 & DXP <2023.Q4.8 - Info Disclosure
Sep 22, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-43810
MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.10 - Authenticated IDOR via Commerce Order Notes
Sep 22, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-43806
MEDIUM
Liferay Digital Experience Platform 2023.Q3.1-2023.Q3.10 - Authenticated Incorrect Authorization in Batch Engine
Sep 22, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-43807
MEDIUM
Liferay Portal 7.4.0-7.4.3.112 and DXP 2023.Q3.1-2023.Q3.10 - Stored Cross-Site Scripting in Notifications Widget
Sep 22, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43808
MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.10 - Unauthenticated Virtual Product Access via Documents and Media
Sep 19, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-43809
MEDIUM
Liferay Portal 7.4.0-7.4.3.111 and Liferay DXP < 2023.Q4.8 - Cross-Site Request Forgery via License Registration
Sep 19, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-43803
MEDIUM
Liferay Digital Experience Platform - Insecure Direct Object Reference in Contacts Center Widget
Sep 19, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-43804
MEDIUM
Liferay Portal 7.4.3.93-7.4.3.111 & DXP 2023.Q4.0, 2023.Q3.1-2023.Q3.4 - XSS via Search Widget UserId
Sep 16, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-43805
MEDIUM
Liferay Portal 7.3.0-7.4.3.111 & DXP - Unauthenticated Display Page Template Access
Sep 16, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-43801
HIGH
Liferay Digital Experience Platform < 7.3 and 7.4.0-7.4.3.111 - Denial of Service via XML-RPC
Sep 16, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-43802
MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.4 - Stored Cross-Site Scripting via Custom Object API External Reference Code
Sep 15, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-43797
MEDIUM
Liferay Portal/DXP - Info Disclosure
Sep 15, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43799
MEDIUM
Liferay Portal <7.4.3.111 & DXP - Info Disclosure
Sep 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-43798
MEDIUM
Liferay DXP <2023.Q4.0, 2023.Q3.1-2023.Q3.4, 7.4 GA-92, 7.3 GA-35 -...
Sep 15, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-43800
MEDIUM
Liferay Portal 7.4.3.20-7.4.3.111 and DXP 2023.Q3.1-2023.Q3.4 - Stored Cross-Site Scripting in Rich Text Object Field
Sep 15, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-43791
MEDIUM
Liferay DXP 2023.Q3.1-2023.Q3.4 - Stored Cross-Site Scripting via Rich Text Field Injection
Sep 15, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-43792
MEDIUM
Liferay Portal <7.4.3.105 - Info Disclosure
Sep 15, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-43793
HIGH
Liferay Portal <7.4.3.105 - Info Disclosure
Sep 15, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-43794
MEDIUM
Liferay DXP <7.3 & 7.4.0-7.4.3.111 - Authenticated Stored XSS via CDN Host
Sep 15, 2025
CVSS 4.8
EPSS 0.00
CVE-2025-43796
HIGH
Liferay Portal 7.4.0-7.4.3.101 and DXP 2023.Q3.0-2023.Q3.4 - Uncontrolled Resource Consumption via GraphQL Queries
Sep 12, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-43795
MEDIUM
Liferay Portal 7.1.0-7.4.3.101 & DXP 2023.Q3.1-2023.Q3.4, 7.4 GA-92, 7.3 GA-35 - Open Redirect
Sep 12, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-43787
MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.20 - Authenticated Stored XSS via Organization Site Names
Sep 12, 2025
CVSS 5.4
EPSS 0.00