liferay

340 tracked vulnerabilities.

CVE-2025-43762 MEDIUM
Liferay Digital Experience Platform - Resource Allocation Without L...
Aug 22, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-43759 LOW
Liferay Portal 7.4.0-7.4.3.132 and DXP 2024.Q1.1-2024.Q1.14 - Authenticated Tenant Enumeration via Page Addition
Aug 22, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-43758 MEDIUM
Liferay Portal/DXP - Info Disclosure
Aug 22, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-43760 MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.20 - Authenticated XSS via PortalUtil.escapeRedirect
Aug 22, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43751 MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2023.Q3.1-2024.Q4.7 User Enumeration via Create Account
Aug 22, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-43752 MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.15 - DoS via Unlimited File Upload
Aug 22, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-43753 MEDIUM
Liferay Portal 7.4.3.32-7.4.3.132 & DXP 2025.Q1.0-2025.Q1.7 Authenticated XSS in Embedded Message Field
Aug 21, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43747 MEDIUM
Liferay DXP 2025.Q2.0-2025.Q2.3 SSRF via Analytics Domain Validation Bypass
Aug 21, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-43754 MEDIUM
Liferay Portal/DXP - Info Disclosure
Aug 21, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-43756 MEDIUM
Liferay Digital Experience Platform < 2024.q1.20 - XSS
Aug 21, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43755 MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.17 - Authenticated Stored XSS via GroupPagesPortlet
Aug 21, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43757 MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.18 - Authenticated XSS via DDMPortlet Definition
Aug 20, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43746 MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.18 - Authenticated XSS via DDMPortlet Parameters
Aug 20, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43748 MEDIUM
Liferay Portal 7.0.0-7.4.3.119 and Liferay DXP 2024.Q1.1-2024.Q1.6 - Cross-Site Request Forgery
Aug 20, 2025
CVSS 6.8
EPSS 0.00
CVE-2025-43750 MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP Unauthenticated File Upload via Form Attachment
Aug 20, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-43749 MEDIUM
Liferay Portal/DXP - Info Disclosure
Aug 20, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-43742 MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.14 - Reflected XSS via Friendly URLs
Aug 20, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-43741 MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.14 Authenticated XSS via UsersAdminPortlet assetTagNames
Aug 20, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43744 MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.19 - Stored DOM-Based Cross-Site Scripting in Asset Publisher Configuration UI
Aug 19, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43743 MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP Authenticated User Enumeration via Calendar Access
Aug 19, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-43745 MEDIUM
Liferay Digital Experience Platform 2024.Q1.1-2024.Q1.19 - Cross-Site Request Forgery via Endpoint Parameter
Aug 19, 2025
CVSS 6.5
EPSS 0.00
CVE-2025-43737 MEDIUM
Liferay Portal 7.4.0-7.4.3.131 & DXP 2025.Q1.0-2025.Q1.15 - Authenticated XSS via JournalPortlet backURL
Aug 19, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43738 MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.19 - Authenticated XSS via Expando Portlet
Aug 19, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43739 MEDIUM
Liferay Portal/DXP Email Content Modification via Calendar Portlet
Aug 19, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-43740 MEDIUM
Liferay Portal 7.4.3.120-132 & DXP 2024.Q1.9-19 - Authenticated Stored XSS in Message Boards
Aug 19, 2025
CVSS 5.4
EPSS 0.00
Products
liferay_portal 319 digital_experience_platform 264 dxp 39 liferay_enterprise_portal 9 DXP 2 Portal 2 portal 2 liferay 1 liferay_portal_enterprise 1
Quick Filters
Critical CVEs With Exploits In CISA KEV