Liferay
340 tracked vulnerabilities.
CVE-2025-43731
MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.16 - Authenticated XSS in Message Boards
Aug 18, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-3639
LOW
Liferay Portal 7.3.0-7.4.3.132 & DXP - Unauthenticated Authentication Bypass via POST to GET
Aug 18, 2025
EPSS 0.00
CVE-2025-43732
LOW
Liferay Portal/DXP Insecure Direct Object Reference via GroupId Parameter
Aug 18, 2025
CVSS 2.7
EPSS 0.00
CVE-2025-43733
MEDIUM
Liferay Portal 7.4.3.132 & DXP 2025.Q1.0-2025.Q1.7 - Authenticated XSS via Content Page Name
Aug 18, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43734
MEDIUM
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2024.Q1.16 - Authenticated XSS via Custom Sort Widget
Aug 12, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-43735
MEDIUM
Liferay Portal 7.4.0-7.4.3.131 & DXP 2024.Q1.1-2024.Q1.12 - Reflected XSS via google_gadget
Aug 12, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-43736
MEDIUM
Liferay Digital Experience Platform - Resource Allocation Without L...
Aug 12, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-4655
MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.15 - Server-Side Request Forgery via FreeMarker Template URL Bypass
Aug 09, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-4581
HIGH
Liferay Portal 7.4.0-7.4.3.132 & DXP 2024.Q1.1-2025.Q1.4 - Blind SSRF via portal-settings-authentication-opensso-web
Aug 09, 2025
CVSS 8.6
EPSS 0.00
CVE-2025-4576
MEDIUM
NUCLEI
Liferay DXP 2024.Q1.1-2024.Q1.15 - Unauthenticated XSS in Blog Entry Cover Image Caption
Aug 08, 2025
CVSS 6.1
EPSS 0.06
CVE-2025-4604
MEDIUM
Liferay Digital Experience Platform 2024.Q1.1-2024.Q1.19 - Cross-Site Scripting via Captcha Bypass
Aug 04, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-4599
MEDIUM
Liferay DXP 2024.Q1.1-2024.Q1.13 - Unauthenticated XSS via Fragment Preview postMessage
Aug 04, 2025
CVSS 6.1
EPSS 0.00
CVE-2025-3594
CRITICAL
Liferay DXP 7.0.0-7.4.3.4 - Path Traversal & Arbitrary File Write via Xuggler
Jun 16, 2025
CVSS 9.8
EPSS 0.02
CVE-2025-3526
HIGH
Liferay DXP 7.0.0-7.4.3.21 & DXP 7.4 GA-Update 9, 7.3 GA-Update 25 - DoS via SessionClicks Parameter
Jun 16, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-3602
HIGH
Liferay Portal 7.4.0-7.4.3.97 and Liferay DXP 2023.Q3.1-2023.Q3.2 - Denial of Service via GraphQL Query Depth
Jun 16, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-4388
MEDIUM
NUCLEI
Liferay Portal 7.4.0-7.4.3.131 & DXP 2024.Q1.1-2024.Q1.12 - Reflected XSS in Marketplace App Manager
May 06, 2025
CVSS 6.1
EPSS 0.25
CVE-2025-3760
MEDIUM
Liferay Portal 7.2.0-7.4.3.129 & DXP 2024.Q4.1-2024.Q4.7 - Authenticated Stored XSS in Radio Button Fields
Apr 17, 2025
CVSS 5.4
EPSS 0.00
CVE-2025-2565
MEDIUM
Liferay Portal/DXP - Info Disclosure
Mar 20, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-2536
MEDIUM
Liferay Portal 7.4.3.82-7.4.3.128 & DXP 2023.Q3.1-2024.Q3.0 - XSS via ToastData
Mar 19, 2025
CVSS 6.1
EPSS 0.00
CVE-2024-11993
MEDIUM
Liferay Portal 7.4.0-7.4.3.38 and Liferay DXP 7.4 GA-Update 38 - Reflected Cross-Site Scripting via Dispatch Name Field
Dec 17, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-8980
CRITICAL
Liferay Digital Experience Platform 6.2-7.4.3.101 - Cross-Site Request Forgery in Script Console
Oct 22, 2024
CVSS 9.6
EPSS 0.00
CVE-2024-38002
CRITICAL
Liferay Portal/DXP - Authenticated RCE
Oct 22, 2024
CVSS 9.0
EPSS 0.04
CVE-2024-26273
HIGH
Liferay Portal 7.4.0-7.4.3.103 and DXP 2023.Q3.1-2023.Q3.5 - Cross-Site Request Forgery via Content Page Editor
Oct 22, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-26272
HIGH
Liferay Digital Experience Platform 2023.Q3.1-2023.Q3.5 - Cross-Site Request Forgery via p_l_back_url Parameter
Oct 22, 2024
CVSS 8.8
EPSS 0.06
CVE-2024-26271
HIGH
Liferay Digital Experience Platform 2023.Q3.1-2023.Q3.5 - Cross-Site Request Forgery via My Account Widget
Oct 22, 2024
CVSS 8.8
EPSS 0.02