Pular para o Conteúdo principal
  • Blogs
  • Feedback
  • Help
  • Meet
  • Chat
  • Discuss
  • Download
  • Learn
  • Log In

Known Vulnerabilities

  • Security Overview
  • Reporting Security Issues
  • Known Vulnerabilities
  • Hall of Fame

Releases

  • Liferay Portal 7.4 U132
  • Liferay Portal 7.4
  • Liferay Portal 7.3
  • Liferay Portal 7.2
  • Liferay Portal 7.1
  • Liferay Portal 7.0
  • Liferay Portal 6.2 CE
  • Liferay Faces
  • Liferay DXP 7.4
  • Liferay DXP 7.3
  • Liferay DXP 7.2
  • LIferay DXP 7.1
  • LIferay DXP 7.0
  • Liferay DXP 2026.Q4
  • Liferay DXP 2026.Q3
  • Liferay DXP 2026.Q2
  • Liferay DXP 2026.Q1
  • Liferay DXP 2025.Q4
  • Liferay DXP 2025.Q3
  • Liferay DXP 2025.Q2
  • Liferay DXP 2025.Q1
  • Liferay DXP 2024.Q4
  • Liferay DXP 2024 Q3
  • Liferay DXP 2024 Q2
  • Liferay DXP 2024 Q1
  • Liferay DXP 2023.Q4
  • Liferay DXP 2023.Q3
RSS

  • CVE-2025-62267 Stored XSS in web content template's select structure page

  • CVE-2025-62264 Reflected XSS with `selectedLanguageId` in Languauge Override

  • CVE-2025-62275 Blogs images are visible to unauthenticated users

  • CVE-2025-62276 Private Cache-Control header for DM and AM file download

  • CVE-2025-62266 Insecure default for the property `redirect.url.security.mode`

  • CVE-2025-62257 Lockout mechanism doesn't prevent password enumeration brute force attacks

  • CVE-2025-62258 CSRF vulnerability with headless API

  • CVE-2025-62260 Headless API does not limit page size

  • CVE-2025-62261 Cleartext storage of password reset tickets

  • CVE-2025-62262 Email address in LDAP import logs

  • CVE-2025-62263 Stored XSS with account role and organization name

  • CVE-2025-62255 Self-XSS with attachment file names in Knowledge Base

  • CVE-2025-62256 OpenAPI authentication bypass

  • CVE-2025-62254 Very large ComboServlet responses

  • CVE-2025-43825 Sensible user data available to freemarker template

  • CVE-2025-43816 Memory leak when consuming the headless API for StructuredContents

  • CVE-2025-43819 User session is not killed by SLO API

  • CVE-2025-43814 Password reminder answers recorded in audit events

  • CVE-2025-43806 Unauthorized access to exported data from batch engine

  • CVE-2025-43809 CSRF vulnerability with server (license) registration

  • CVE-2025-43801 DoS via unchecked input for loop condition in XML-RPC

  • CVE-2025-43804 Reflected XSS in Search widget

  • CVE-2025-43805 Display Page Templates visible to unauthorized users

  • CVE-2025-43791 XSS with Rich Text fields in Data Engine

  • CVE-2025-43792 Staging site data exfiltration

  • CVE-2025-43793 Supercookie

  • CVE-2025-43794 XSS with CDN host name

  • CVE-2025-43797 Insecure default site membership type

  • CVE-2025-43798 Time-based One-Time Password (TOTP) reuse

  • CVE-2025-43800 XSS with rich text type fields in objects

  • CVE-2025-43787 Stored XSS via organization site names

  • CVE-2025-43796 GraphQL does not limit page size

  • CVE-2025-43784 Illegal access to Object Entries information from the API Builder

  • CVE-2025-43785 Stored XSS in Workflow Notifications

  • CVE-2025-43783 Reflected XSS on the "/c/portal/comment/discussion/get_editor" path

  • CVE-2025-43776 The Process Builder's Configuration tab fails to properly escape stored JavaScript code

  • CVE-2025-43777 Internal server error message in the response body

  • CVE-2025-43778 Stored XSS on the name of a fieldset

  • CVE-2025-43774 is a False Positive

  • CVE-2025-43763 SSRF in custom objects attachment fields

  • CVE-2025-43773 Missing permission checks in expandoTableLocalService

  • CVE-2025-43747 SSRF in Analytics Cloud domain validation

  • CVE-2025-43744 Stored DOM-Based XSS in the Asset Publisher configuration UI

  • CVE-2025-43740 Stored XSS in message boards feature

  • CVE-2025-43738 Reflected XSS via ExpandoPortlet displayType parameter

  • CVE-2025-43737 Reflected XSS through JournalPortlet backUrl parameter

  • CVE-2025-43745 CSRF vulnerability in 'endpoint' parameter

  • CVE-2025-43779 Reflected XSS in CPDefinitionsPortlet_productTypeName parameter

  • CVE-2025-43746 Reflected XSS in Dynamic Data Mapping portletNamespace and Portlet_namespace parameter

  • CVE-2025-43757 Reflected XSS in Dynamic Data Mapping DDMPortlet_definition parameter

  • CVE-2025-43756 Reflected XSS in snippet parameter

  • CVE-2025-43760 Reflected XSS in back button for My Sites Portlet

  • CVE-2025-43752 Temp file upload in attachment field object entry is not cleaned up

  • CVE-2025-43755 Stored XSS via GroupPagesPortlet_type parameter

  • CVE-2025-43734 Reflected XSS in Clay Button taglib

  • CVE-2025-4604 CAPTCHA Bypass for Gogo Shell

  • CVE-2025-3639 Sign in via GET method when MFA enabled

  • CVE-2025-43732 IDOR in groupID parameter

  • CVE-2025-62247 Blueprint Collection Providers are exposed for reading and selection by other unauthorized instances

  • CVE-2025-62248 Regression of the Reflected XSS in DDMPortlet_definition parameter

  • CVE-2025-62249 Reflected XSS in google_widget

  • CVE-2025-62250 Portal fails to verify messages from the cluster network is trusted

  • CVE-2025-4388 Reflected XSS in marketplace-app-manager-web

  • CVE-2025-43736 Liferay allows more than 300kb profile picture into the user profile

  • CVE-2025-43753 Reflected XSS in Embedded Message field from the form container

  • CVE-2025-43733 Reflected XSS with page name in document View Usages

  • CVE-2025-43731 Reflected XSS in Message Board Threads and Categories

  • CVE-2025-43739 Observable discrepancy in calendar portlet

  • CVE-2025-43790 Object entries can be related with entries of other instances

  • CVE-2025-43789 JSON Web Services published to OSGi are registered and invoked directly as classes

  • CVE-2025-43782 Unauthorized access to workflow definition via API

  • CVE-2025-43788 Unauthorized view access to Organization names

  • CVE-2025-43781 Reflected XSS in search bar portlet

  • CVE-2025-4655 SSRF in FreeMarker templates

  • CVE-2025-43758 Unauthenticated users can access loaded files via URL before submitting the object entry

  • CVE-2025-43743 User enumeration in calendar portlet

  • CVE-2025-4576 Reflected XSS in blogs-web

  • CVE-2025-4581 Blind SSRF in portal-settings-authentication-opensso-web

  • CVE-2025-43742 Reflected XSS in friendly urls with display page template

  • CVE-2025-43741 Reflected XSS in assetTagNames parameter

  • CVE-2025-43768 JSONWS API endpoint shares sensitive information

  • CVE-2025-43767 Open redirect in /c/portal/edit_info_item parameter redirect

  • CVE-2025-43766 Unrestricted upload of file in the style books component

  • CVE-2025-43765 Stored cross-site scripting in text field of the web content structure

  • CVE-2025-43764 ReDoS with Role Name search in KaleoDesignerPortlet

  • CVE-2025-43754 Username enumeration vulnerability when updating user old password encryption

  • CVE-2025-43770 Reflected XSS with the referer and forward parameter

  • CVE-2025-43751 User enumeration using create account

  • CVE-2025-43735 Reflected XSS in google_widget

  • CVE-2025-43761 Reflected XSS in CKeditor 4.21.0 endpoint

  • CVE-2025-4599 Cross-Site Scripting (XSS) Vulnerability in Fragment Preview Functionality

  • CVE-2025-43759 Users are able to add system admin portlets to pages

  • CVE-2025-43749 Unauthenticated users can access loaded files via URL before submitting the form

  • CVE-2025-43762 Users can upload an unlimited amount of files

  • CVE-2025-43750 Liferay form upload field allows to obfuscate file extensions

  • CVE-2025-2565 Exposure of data through form entry to unauthorized users

  • CVE-2025-2536 DOM based XSS at /o/layout-taglib/__liferay__/index.js

  • CVE-2025-43786 Enumeration of ERC from Object Entry by time response

  • CVE-2025-3760 Stored XSS with radio button type custom fields

  • CVE-2025-43769 Stored XSS in Components portlet

  • CVE-2025-43775 Stored XSS in remote apps component

  • CVE-2024-11993 Reflected XSS in Dispatch Name field

  • CVE-2025-43799 Change password requirement bypass

  • CVE-2025-43824 HTTP response injection/splitting vulnerability with vCard

  • CVE-2025-43803 IDOR vulnerable in Contacts Center

  • CVE-2025-43830 XSS when viewing form entries with rich text fields

  • CVE-2025-43771 XSS with flagged content notifications

  • CVE-2025-43807 XSS with publication invitation notifications

  • CVE-2025-62244 Edit publication page IDOR

  • CVE-2025-62245 CSRF vulnerability with publication comments

  • CVE-2025-43810 Adding a note to an order from another virtual instance

  • CVE-2025-62241 Access to shipment address in another instance

  • CVE-2025-43827 IDOR audit events

  • CVE-2025-43826 Stored XSS with web content translation

  • CVE-2025-62246 Stored XSS with mentions in comments

  • CVE-2025-62251 The Menu Display Widget shows content to users without permission to view it

  • CVE-2025-62252 Assign user from another instance to an organization

  • CVE-2025-62265 <iframe> vulnerabilities in Blogs

  • CVE-2025-43812 Stored XSS with structure name in template

  • CVE-2025-43808 Unauthorized access the virtual products

  • CVE-2025-43795 Open redirect in System Settings, Instance Settings and Site Settings

  • CVE-2023-37940 XSS with "Service Class" in Service Access Policy

  • CVE-2025-62253 Open redirect in page administration

  • CVE-2025-3602 GraphQL queries does not limit depth

  • CVE-2025-43813 Possible path traversal and DoS with Combo Servlet

  • CVE-2025-43817 Reflected XSS with redirect parameter in Announcements and Alerts

  • CVE-2025-3526 DoS vulnerability with SessionClicks

  • CVE-2025-3594 DoS vulnerability with SessionClicks

  • CVE-2025-43772 DoS vulnerability in Kaleo Forms Admin

  • CVE-2025-3586 Instance Admin can execute code using Objects Actions and Validations

  • CVE-2025-43748 Insufficient CSRF protection for omni-administrator actions

  • CVE-2024-8980 Mitigate against simple XSS attacks against script console

  • CVE-2025-62259 Email address verification bypass

  • CVE-2025-43802 XSS with `externalReferenceCode` in Objects

  • CVE-2025-62242 Access to another account's address

  • CVE-2025-62243 Multiple vulnerabilities related to publication comments

  • CVE-2025-62237 XSS with account name in orders

  • CVE-2025-62238 XSS with account name in account settings

  • CVE-2025-62239 XSS with workflow process builder

  • CVE-2025-43829 Stored XSS with SVG files in diagram type products

  • CVE-2025-43821 Stored XSS with product name in Commerce Product Comparison Table

  • CVE-2025-43822 Stored XSS with Term name on view order page

  • CVE-2025-43823 Stored XSS with product name in Commerce Search Result

  • CVE-2025-43811 XSS vulnerability with user name when selecting a related asset

  • CVE-2025-62240 XSS with user name in calendar event

  • CVE-2025-43820 Stored XSS with user name

  • CVE-2025-43818 Stored XSS with Calendar name

  • CVE-2024-26271 CSRF bypass related to `backURL` in My Account

  • CVE-2024-26273 CSRF bypass related to `redirect` in Commerce Catalogs

  • CVE-2024-26272 CSRF bypass related to `p_l_back_url` in content page editor

  • CVE-2025-43815 Reflected XSS with `backURLTitle` in page administration

  • CVE-2024-38002 Regular users can edit workflow definition

  • CVE-2023-47795 XSS with Document and Media document title

  • CVE-2024-25151 Possible XSS & content spoofing in notifications emails

  • CVE-2023-40191 XSS with with Account "Blocked Email Domains"

  • CVE-2023-42498 XSS with `key` in language override

  • CVE-2024-26266 Stored XSS with user name in Announcements & Alerts

  • CVE-2024-26269 XSS with anchor/hash part of a URL in portlet.js

  • CVE-2023-42496 XSS with `tabs2` in role assignment

  • CVE-2024-25603 Stored XSS with instanceId in DDMForm

  • CVE-2024-25152 Stored XSS with message board file attachment

  • CVE-2024-25601 Stored XSS with geolocation custom fields

  • CVE-2024-25602 Stored XSS with organization name in edit user

  • CVE-2024-25147 HtmlUtil.escapeJSLink circumvention

  • CVE-2024-26270 User's hashed password appears in page's HTML source

  • CVE-2024-26268 User enumeration vulnerability by comparing login response time

  • CVE-2024-26267 Insecure default for the property `http.header.version.verbosity`

  • CVE-2024-26265 File system flooding through the Image Uploader

  • CVE-2024-25610 Stored XSS with Blog entries (Insecure defaults)

  • CVE-2024-25609 HtmlUtil.escapeRedirect circumvention with two forward slash

  • CVE-2024-25608 Open redirect vulnerability using Replacement Character

  • CVE-2024-25607 Default password hashing algorithm do not provide sufficient protection

  • CVE-2024-25606 XXE vulnerability in Java2WsddTask._format

  • CVE-2024-25605 Unauthorized access to Web Content templates

  • CVE-2024-25604 User can access and edit their own permissions

  • CVE-2024-25150 User full name disclosure in page title

  • CVE-2023-44308 Open redirect in adaptive media

  • CVE-2023-5190 Open redirect in Countries Management

  • CVE-2024-25149 Users without parent site membership can be registered on child sites

  • CVE-2022-45320 Wiki page privilege escalation

  • CVE-2024-25148 'doAsUserId' value may get leaked when using WYSIWYG editor to create content

  • CVE-2024-25146 Unauthorized users can discover if a site exist

  • CVE-2024-25145 Stored XSS with search results if highlighting is disabled

  • CVE-2024-25144 DoS via a self-referencing IFrame

  • CVE-2024-25143 DoS vulnerabilities via crafted PNG image

  • CVE-2021-29050 CSRF vulnerability in Terms of Use page

  • CVE-2021-29038 Password reminder answers are not obfuscated

  • CVE-2023-47798 Account lockout does not invalidate user sessions

  • CVE-2023-47797 XSS with `p_l_back_url_title` on edit content page

  • CVE-2023-42497 XSS with `redirect` in export translation

  • CVE-2023-42629 Stored XSS vulnerability with vocabulary description

  • CVE-2023-44309 XSS with fragment components

  • CVE-2023-44310 XSS with page name in Page Tree

  • CVE-2023-44311 Reflected XSS with 'code' and 'error' in OAuth2ProviderApplicationRedirect

  • CVE-2023-42628 XSS with child wiki pages

  • CVE-2023-42627 Multiple stored XSS with shipping & billing address

  • CVE-2023-3426 Unauthorized view access to Organization names

  • CVE-2023-3193 Reflected XSS with backURL in SEO configuration

  • CVE-2023-35029 Open redirect with backURL in SEO configuration

  • CVE-2023-35030 CSRF/RCE with backURL in SEO configuration

Community
Company
Feedback
Blogs
Discuss
Meet
Open Source
Download
Events
Learn
Careers
Contact Us
Feedback
Help
Copyright © 2026 Liferay, Inc

Powered by Liferay™

Legal

Compliance

Privacy Policy

Este site utiliza cookies

Usamos cookies para fornecer conteúdo personalizado, analisar tendências, administrar o site, monitorar movimentações de usuários no site e coletar informações demográficas sobre nossa base de usuários como um todo. Aceite todos os cookies para a melhor experiência possível em nosso site ou gerencie suas preferências. Visite nossa Política de privacidade