Liferay

340 tracked vulnerabilities.

CVE-2025-43789 MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.9 & 7.4.0-7.4.3.119 - Incorrect Authorization in JSON WS
Sep 12, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-43788 MEDIUM
Liferay Portal 7.4.0-7.4.3.124 & DXP 2024.Q1.1-2024.Q1.12 - Auth Missing in Org Selector
Sep 12, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-43790 HIGH
Liferay Portal 7.4.0-7.4.3.124 and DXP 2024.Q1.1-2024.Q1.12 - Authenticated Insecure Direct Object Reference
Sep 11, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-43782 MEDIUM
Liferay Portal 7.4.0-7.4.3.124 & DXP 2024.Q1.1-2024.Q1.12 - IDOR via Workflow Definition API
Sep 11, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-43783 MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.12 - Reflected XSS via /c/portal/comment/discussion/get_editor
Sep 10, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-43784 MEDIUM
Liferay Portal 7.4.0-7.4.3.124 & DXP 2024.Q1.1-2024.Q2.8 - Unauthenticated Information Disclosure via API Builder
Sep 10, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-43785 MEDIUM
Liferay Digital Experience Platform 2024.Q1.1-2024.Q1.12 - Stored Cross-Site Scripting in My Workflow Tasks Page
Sep 10, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-43786 MEDIUM
Liferay Digital Experience Platform 2024.Q1.1-2024.Q1.12 - Information Disclosure via ERC Enumeration
Sep 09, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-43781 MEDIUM
Liferay Portal 7.4.3.110-128 & DXP 2024.Q1.1-12, 2024.Q2.0-13, 2024.Q3.1-8 - XSS via Search Bar Portlet URL
Sep 09, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-43775 MEDIUM
Liferay Portal 7.4.0-7.4.3.128 and DXP 2024.Q1.1-2024.Q1.12 - Stored Cross-Site Scripting via Remote App Title Field
Sep 09, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43776 MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.19 - Authenticated Stored XSS via Custom Object Field Label
Sep 09, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43777 MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.19 - Information Disclosure via Deleted Client Secret
Sep 09, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-43778 MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.20 - Authenticated Stored XSS in Kaleo Forms
Sep 09, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-43763 MEDIUM
Liferay Portal 7.4.0-7.4.3.131 & DXP 2024.Q1.1-2024.Q1.20 - SSRF via Custom Object Attachment Fields
Sep 09, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-43772 HIGH
Liferay Portal 7.0.0-7.4.3.4 and Liferay DXP - Denial of Service via Unrestricted Session Parameter Storage
Sep 04, 2025
EPSS 0.01
CVE-2025-3586 HIGH
Liferay DXP 2023.Q3.1-2023.Q3.10 - Authenticated RCE via Groovy Script
Sep 01, 2025
CVSS 7.2
EPSS 0.01
CVE-2025-43773 CRITICAL
Liferay Portal 7.4.0-7.4.3.132 and Liferay DXP 2024.Q1.1-2024.Q1.18 - Missing Authorization via expandoTableLocalService
Aug 29, 2025
CVSS 9.1
EPSS 0.00
CVE-2025-43766 CRITICAL
Liferay DXP 2024.Q1.1-2024.Q1.12 - Unrestricted File Upload & RCE in Style Books
Aug 23, 2025
CVSS 9.8
EPSS 0.00
CVE-2025-43765 MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.13 - Unauthenticated Stored XSS in Web Content Text Field
Aug 23, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-43764 MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.20 - ReDoS via Kaleo Designer Role Name Search
Aug 23, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-43767 MEDIUM
Liferay Portal 7.4.3.86-7.4.3.131 & DXP 2024.Q1.1-2024.Q1.12 - Open Redirect via /c/portal/edit_info_item
Aug 23, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-43769 MEDIUM
Liferay Digital Experience Platform 2024.Q1.1-2024.Q1.12 - Stored Cross-Site Scripting in Components Tab
Aug 23, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-43768 HIGH
Liferay Portal/DXP <7.4.3.131, <2024.Q4.7, <2024.Q3.13, <2024.Q2.13...
Aug 23, 2025
CVSS 7.7
EPSS 0.00
CVE-2025-43770 MEDIUM
Liferay Portal 7.4.0-7.4.3.131 & DXP 2024.Q1.1-2024.Q1.12 - Reflected XSS via Referer/FORWARD_URL
Aug 23, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-43761 MEDIUM
Liferay Portal 7.4.0-7.4.3.131 & DXP 2024.Q1.1-2024.Q1.12 - Reflected XSS via CKEditor
Aug 22, 2025
CVSS 6.1
EPSS 0.00