Vulnerabilidades en Liferay
210 resultadosCVE-2025-62254MEDIUMThe ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 202EPSS 0.5%CVE-2024-25606HIGHXXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before uEPSS 0.5%CVE-2024-25605MEDIUMThe Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack EPSS 0.5%CVE-2025-3526HIGHSessionClicks in Liferay Portal 7.0.0 through 7.4.3.21, and Liferay DXP 7.4 GA through update 9, 7.3 GA through update 25, and older unsuppoEPSS 0.5%CVE-2024-25151MEDIUMThe Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 beEPSS 0.5%CVE-2025-3639LOWLiferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13EPSS 0.5%CVE-2023-35029MEDIUMOpen redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 updateEPSS 0.5%CVE-2025-43772HIGHKaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions EPSS 0.5%CVE-2025-43813MEDIUMPossible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsuppoEPSS 0.5%CVE-2023-44310CRITICALStored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 throEPSS 0.5%CVE-2023-33941MEDIUMMultiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay EPSS 0.5%CVE-2023-44309CRITICALMultiple stored cross-site scripting (XSS) vulnerabilities in the fragment components in Liferay Portal 7.4.2 through 7.4.3.53, and Liferay EPSS 0.5%CVE-2023-44311CRITICALMultiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class iEPSS 0.5%CVE-2023-42497CRITICALReflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and LiferaEPSS 0.5%CVE-2023-3193MEDIUMCross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DEPSS 0.5%CVE-2023-33943MEDIUMCross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 thEPSS 0.4%CVE-2023-33937MEDIUMStored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 befoEPSS 0.4%CVE-2024-26270MEDIUMThe Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 EPSS 0.4%CVE-2024-25150MEDIUMInformation disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and LiferayEPSS 0.4%CVE-2023-3426MEDIUMThe organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permissiEPSS 0.4%