Known Vulnerabilities

  • CVE-2025-62275 Blogs images are visible to unauthenticated users
  • CVE-2025-62276 Private Cache-Control header for DM and AM file download
  • CVE-2025-62266 Insecure default for the property `redirect.url.security.mode`
  • CVE-2025-62257 Lockout mechanism doesn't prevent password enumeration brute force attacks
  • CVE-2025-62261 Cleartext storage of password reset tickets
  • CVE-2025-62262 Email address in LDAP import logs
  • CVE-2025-62263 Stored XSS with account role and organization name
  • CVE-2025-62255 Self-XSS with attachment file names in Knowledge Base
  • CVE-2025-62254 Very large ComboServlet responses
  • CVE-2025-43816 Memory leak when consuming the headless API for StructuredContents
  • CVE-2025-43814 Password reminder answers recorded in audit events
  • CVE-2025-43809 CSRF vulnerability with server (license) registration
  • CVE-2025-43801 DoS via unchecked input for loop condition in XML-RPC
  • CVE-2025-43805 Display Page Templates visible to unauthorized users
  • CVE-2025-43791 XSS with Rich Text fields in Data Engine
  • CVE-2025-43797 Insecure default site membership type
  • CVE-2025-62250 Portal fails to verify that messages from the cluster network are trusted
  • CVE-2025-3760 Stored XSS with radio button type custom fields
  • CVE-2024-11993 Reflected XSS in Dispatch Name field
  • CVE-2025-43799 Change password requirement bypass
  • CVE-2025-43824 HTTP response injection/splitting vulnerability with vCard
  • CVE-2025-43830 XSS when viewing form entries with rich text fields
  • CVE-2025-62244 Edit publication page IDOR
  • CVE-2025-43827 IDOR audit events
  • CVE-2025-43826 Stored XSS with web content translation
  • CVE-2025-62246 Stored XSS with mentions in comments
  • CVE-2025-62251 The Menu Display Widget shows content to users without permission to view it
  • CVE-2025-62252 Assign user from another instance to an organization
  • CVE-2025-62265 <iframe> vulnerabilities in Blogs
  • CVE-2025-43795 Open redirect in System Settings, Instance Settings and Site Settings
  • CVE-2023-37940 XSS with "Service Class" in Service Access Policy
  • CVE-2025-62253 Open redirect in page administration
  • CVE-2025-3602 GraphQL queries do not limit depth
  • CVE-2025-3526 DoS vulnerability with SessionClicks
  • CVE-2025-3594 DoS vulnerability with SessionClicks
  • CVE-2025-43748 Insufficient CSRF protection for omni-administrator actions
  • CVE-2025-62259 Email address verification bypass
  • CVE-2025-43829 Stored XSS with SVG files in diagram type products
  • CVE-2024-26272 CSRF bypass related to `p_l_back_url` in content page editor
  • CVE-2024-38002 Regular users can edit workflow definition
  • CVE-2024-25151 Possible XSS & content spoofing in notifications emails
  • CVE-2024-26266 Stored XSS with user name in Announcements & Alerts
  • CVE-2024-26269 XSS with anchor/hash part of a URL in portlet.js
  • CVE-2023-42496 XSS with `tabs2` in role assignment
  • CVE-2024-25603 Stored XSS with instanceId in DDMForm
  • CVE-2024-25152 Stored XSS with message board file attachment
  • CVE-2024-25601 Stored XSS with geolocation custom fields
  • CVE-2024-25602 Stored XSS with organization name in edit user
  • CVE-2024-25147 HtmlUtil.escapeJSLink circumvention
  • CVE-2024-26268 User enumeration vulnerability by comparing login response time
  • CVE-2024-26267 Insecure default for the property `http.header.version.verbosity`
  • CVE-2024-26265 File system flooding through the Image Uploader
  • CVE-2024-25610 Stored XSS with Blog entries (Insecure defaults)
  • CVE-2024-25609 HtmlUtil.escapeRedirect circumvention with two forward slashes
  • CVE-2024-25608 Open redirect vulnerability using Replacement Character
  • CVE-2024-25607 Default password hashing algorithm does not provide sufficient protection
  • CVE-2024-25606 XXE vulnerability in Java2WsddTask._format
  • CVE-2024-25605 Unauthorized access to Web Content templates
  • CVE-2024-25604 User can access and edit their own permissions
  • CVE-2024-25150 User full name disclosure in page title
  • CVE-2024-25149 Users without parent site membership can be registered on child sites
  • CVE-2022-45320 Wiki page privilege escalation
  • CVE-2024-25148 'doAsUserId' value may get leaked when using WYSIWYG editor to create content
  • CVE-2024-25146 Unauthorized users can discover if a site exists
  • CVE-2024-25145 Stored XSS with search results if highlighting is disabled
  • CVE-2024-25144 DoS via a self-referencing IFrame
  • CVE-2024-25143 DoS vulnerabilities via crafted PNG image
  • CVE-2021-29050 CSRF vulnerability in Terms of Use page
  • CVE-2021-29038 Password reminder answers are not obfuscated
  • CVE-2023-47798 Account lockout does not invalidate user sessions
  • CVE-2023-44310 XSS with page name in Page Tree
  • CVE-2023-42628 XSS with child wiki pages
  • CVE-2023-42627 Multiple stored XSS with shipping & billing address
  • CVE-2023-33937 Stored XSS with form name in form configuration
  • CVE-2023-33938 Stored XSS with object name in App Builder
  • CVE-2023-33939 Stored XSS in Modified Facet
  • CVE-2023-33944 XSS with container layout fragment URL
  • CVE-2023-33945 SQL injection in SQL Server upgrades
  • CVE-2023-33949 Users do not have to verify their email address by default
  • CVE-2022-42132 LDAP credentials exposed in URL
  • CVE-2022-42131 DDMRESTDataProvider vulnerable to man-in-the-middle attack
  • CVE-2022-42130 Unauthorized access to form entries via API
  • CVE-2022-42129 Insecure direct object reference vulnerability with Form entries
  • CVE-2022-42126 User permissions are not checked for DepotGroupItemSelectorProvider
  • CVE-2022-42124 ReDoS vulnerability in upgrade of layout prototype name
  • CVE-2022-42123 Zip Slip vulnerability in Elasticsearch Connector
  • CVE-2022-42122 SQL injection in friendly URL upgrade
  • CVE-2022-42121 SQL injection vulnerability during page template upgrade
  • CVE-2022-42120 SQL injection vulnerability during fragment upgrade
  • CVE-2022-42119 Stored XSS with ERC in Commerce catalog
  • CVE-2022-42118 Reflected XSS with `tag` in Search
  • CVE-2022-42117 Reflected XSS with `label` attribute in <clay:label>
  • CVE-2022-42116 Reflected XSS with name & namespace parameter in integration with CKEditor
  • CVE-2022-42112 Stored XSS with sort by label in Search Sort widget
  • CVE-2022-42111 Stored XSS with a shared asset name in notification
  • CVE-2022-42110 Stored XSS with announcement/alert type
  • CVE-2022-38901 Stored XSS with categories selector fields
  • CVE-2022-38902 Stored XSS with SVG file description
  • CVE-2022-39975 Unauthorized access to "Content Page" previews
  • CST-2022-01 Insecure defaults: auth.login.prompt.enabled
  • CVE-2022-26593 Stored XSS with category name in asset categories selector
  • CVE-2022-26594 XSS vulnerability with form field help text
  • CVE-2022-26595 Unauthorized access to site/group list
  • CVE-2022-26597 Stored XSS with site name in Open Graph integration
  • CVE-2022-28977 HtmlUtil.escapeRedirect circumvention with multiple forward slashes
  • CVE-2022-28978 Stored XSS with user name in site membership
  • CVE-2022-28979 XSS in Custom Facet widget
  • CVE-2022-28982 Reflected XSS with tag name in <liferay-asset:asset-tags-selector>
  • CVE-2021-38263 Reflected XSS with Script page
  • CVE-2021-38265 Stored XSS with Collection name
  • CVE-2021-38267 Stored XSS with title and subtitle of blog entry
  • CVE-2021-38268 Site member can add new forms by default
  • CVE-2021-38269 Stored XSS with Gogo Shell output
  • CVE-2021-29053 SQL/HQL Injection in Commerce Address Web & Commerce Product Service
  • CVE-2021-29039 Stored XSS with Site name in Categories
  • CVE-2021-29040 Overly verbose JSON web services errors
  • CVE-2021-29043 S3 store's proxy password visible in System Settings
  • CVE-2021-29044 Stored XSS with membership request comment
  • CVE-2021-29045 Stored XSS with Destination URL of Redirection
  • CVE-2021-29046 Stored XSS with category name
  • CVE-2021-29047 SimpleCaptcha answer reuse
  • CVE-2021-29048 Stored XSS with Site Page name
  • CVE-2021-29051 Reflected XSS with 'assetEntryId' in Asset Publisher
  • CVE-2021-29052 Unauthorized users can view DDMStructures
  • CVE-2021-33320 Flagging content as inappropriate is not rate limited
  • CVE-2021-33321 Insecure default configuration allows for user enumeration using forgot password
  • CVE-2021-33322 Password change does not invalidate password reset tokens
  • CVE-2021-33323 Unauthenticated form drafts are visible to everybody
  • CVE-2021-33324 Unauthorized users can view a site's pages via page administration
  • CVE-2021-33325 User's unencrypted passwords stored in database
  • CVE-2021-33326 XSS with the title of a modal window
  • CVE-2021-33327 Unauthorized users can view the Guest and User roles
  • CVE-2021-33328 Stored XSS with Web Content Structure names and Document Types names in Categories Admin
  • CVE-2021-33330 CORS should not work with Portal Session authentication
  • CVE-2021-33331 Open redirect vulnerability in notifications
  • CVE-2021-33332 Reflected XSS with portletId in Look and Feel Configuration
  • CVE-2021-33333 Unauthorized users can view and delete workflow submissions
  • CVE-2021-33334 Unauthorized users can view forms and form entries
  • CVE-2021-33335 Non-company admins can edit company admins
  • CVE-2021-33336 Stored XSS with Structure name
  • CVE-2021-33337 Stored XSS with Document Types in Documents and Media
  • CVE-2021-33338 Adding pages exposes CSRF token
  • CVE-2021-33339 Stored XSS with Site name in Fragment portlet
  • CVE-2022-26596 Stored XSS with Template name
  • CST-7307 Unauthorized users can delete a staging publishing process
  • CST-7308 'portlet.resource.id.banned.paths.regexp' bypass with double-encoded URLs
  • CST-7309 User enumeration via forgot password
  • CST-7310 Reflected XSS in Page Fragments' edit page
  • CST-7311 Blog cover image extension circumvention
  • CST-7312 Libraries with known vulnerabilities in 7.2.1 and 7.3.2
  • CST-7313 Stored XSS with user name in workflow definition editor
  • CST-7314 Viewing Calendar widget prevents Instance Settings from saving
  • CST-7315 Unauthorized access to staged public pages' sitemap.xml
  • CST-7316 Reflected XSS with 'openId' in Login module
  • CST-7317 DoS vulnerability with multipart/form-data requests
  • CST-7318 Database DoS in URL Redirections Management
  • CST-7301 DDMDataProvider API leaks REST data provider password
  • CST-7302 Remote code execution with FreeMarker/Velocity templates
  • CST-7303 Circumvention of open redirect prevention using tabs
  • CST-7304 Stored XSS with user name in workflow assignments
  • CST-7305 Libraries with known vulnerabilities in 7.3.0 and 7.3.1
  • CST-7306 Unauthorized users can view a site's user groups

Copyright © 2026 Liferay, Inc