Exposure of Liferay
CMS153
exposure score
6,555
sites use
0
exploited
23
critical
CVEs
210 resultsCVE-2025-43804MEDIUMCross-site scripting (XSS) vulnerability in Search widget in Liferay Portal 7.4.3.93 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1EPSS 0.2%CVE-2025-43777MEDIUMLiferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.QEPSS 0.2%CVE-2025-62248MEDIUMA reflected cross-site scripting (XSS) vulnerability, resulting from a regression, has been identified in Liferay Portal 7.4.0 through 7.4.EPSS 0.2%CVE-2025-3760MEDIUMA stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, andEPSS 0.2%CVE-2025-43824MEDIUMThe Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2EPSS 0.2%CVE-2025-43778MEDIUMA Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.11, 20EPSS 0.2%CVE-2025-43785MEDIUMStored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2EPSS 0.2%CVE-2025-43769MEDIUMStored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q3.1 through 2024.Q3.8, 2024EPSS 0.2%CVE-2025-43818MEDIUMCross-site scripting (XSS) vulnerability in the Calendar widget in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 throEPSS 0.2%CVE-2025-43800MEDIUMCross-site scripting (XSS) vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 throuEPSS 0.2%CVE-2025-62259MEDIUMLiferay Portal 7.4.0 through 7.4.3.109, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 9EPSS 0.2%CVE-2025-43826MEDIUMStored cross-site scripting (XSS) vulnerabilities in Web Content translation in Liferay Portal 7.4.0 through 7.4.3.112, and older unsupporteEPSS 0.2%CVE-2025-43811MEDIUMMultiple stored cross-site scripting (XSS) vulnerability in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and LifEPSS 0.2%CVE-2025-43735MEDIUMA reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.QEPSS 0.2%CVE-2025-62239MEDIUMCross-site scripting (XSS) vulnerability in workflow process builder in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0EPSS 0.2%CVE-2025-62263MEDIUMMultiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.7 through 7.4.3.103, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, EPSS 0.2%CVE-2025-62240MEDIUMMultiple cross-site scripting (XSS) vulnerabilities with Calendar events in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.EPSS 0.2%CVE-2025-4655MEDIUMSSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0EPSS 0.2%CVE-2025-43757MEDIUMA reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.QEPSS 0.2%CVE-2025-43740MEDIUMA Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, EPSS 0.2%
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →