CVE-2025-62267 Stored XSS in web content template's select structure page
CVE-2025-62264 Reflected XSS with `selectedLanguageId` in Languauge Override
CVE-2025-62275 Blogs images are visible to unauthenticated users
CVE-2025-62276 Private Cache-Control header for DM and AM file download
CVE-2025-62266 Insecure default for the property `redirect.url.security.mode`
CVE-2025-62257 Lockout mechanism doesn't prevent password enumeration brute force attacks
CVE-2025-62258 CSRF vulnerability with headless API
CVE-2025-62260 Headless API does not limit page size
CVE-2025-62261 Cleartext storage of password reset tickets
CVE-2025-62262 Email address in LDAP import logs
CVE-2025-62263 Stored XSS with account role and organization name
CVE-2025-62255 Self-XSS with attachment file names in Knowledge Base
CVE-2025-62256 OpenAPI authentication bypass
CVE-2025-62254 Very large ComboServlet responses
CVE-2025-43825 Sensible user data available to freemarker template
CVE-2025-43816 Memory leak when consuming the headless API for StructuredContents
CVE-2025-43814 Password reminder answers recorded in audit events
CVE-2025-43806 Unauthorized access to exported data from batch engine
CVE-2025-43809 CSRF vulnerability with server (license) registration
CVE-2025-43801 DoS via unchecked input for loop condition in XML-RPC
CVE-2025-43804 Reflected XSS in Search widget
CVE-2025-43805 Display Page Templates visible to unauthorized users
CVE-2025-43791 XSS with Rich Text fields in Data Engine
CVE-2025-43792 Staging site data exfiltration
CVE-2025-43793 Supercookie
CVE-2025-43794 XSS with CDN host name
CVE-2025-43797 Insecure default site membership type
CVE-2025-43798 Time-based One-Time Password (TOTP) reuse
CVE-2025-43800 XSS with rich text type fields in objects
CVE-2025-43796 GraphQL does not limit page size
CVE-2025-62250 Portal fails to verify messages from the cluster network is trusted
CVE-2025-43751 User enumeration using create account
CVE-2025-2565 Exposure of data through form entry to unauthorized users
CVE-2025-2536 DOM based XSS at /o/layout-taglib/__liferay__/index.js
CVE-2025-3760 Stored XSS with radio button type custom fields
CVE-2025-43799 Change password requirement bypass
CVE-2025-43824 HTTP response injection/splitting vulnerability with vCard
CVE-2025-43803 IDOR vulnerable in Contacts Center
CVE-2025-43830 XSS when viewing form entries with rich text fields
CVE-2025-43771 XSS with flagged content notifications
CVE-2025-43807 XSS with publication invitation notifications
CVE-2025-62244 Edit publication page IDOR
CVE-2025-62245 CSRF vulnerability with publication comments
CVE-2025-43810 Adding a note to an order from another virtual instance
CVE-2025-43827 IDOR audit events
CVE-2025-43826 Stored XSS with web content translation
CVE-2025-62246 Stored XSS with mentions in comments
CVE-2025-62251 The Menu Display Widget shows content to users without permission to view it
CVE-2025-62252 Assign user from another instance to an organization
CVE-2025-62265 <iframe> vulnerabilities in Blogs
CVE-2025-43812 Stored XSS with structure name in template
CVE-2025-43808 Unauthorized access the virtual products
CVE-2025-43795 Open redirect in System Settings, Instance Settings and Site Settings
CVE-2025-62253 Open redirect in page administration
CVE-2025-3602 GraphQL queries does not limit depth
CVE-2025-43813 Possible path traversal and DoS with Combo Servlet
CVE-2025-43817 Reflected XSS with redirect parameter in Announcements and Alerts
CVE-2025-3586 Instance Admin can execute code using Objects Actions and Validations
CVE-2025-43748 Insufficient CSRF protection for omni-administrator actions
CVE-2024-8980 Mitigate against simple XSS attacks against script console
CVE-2025-62259 Email address verification bypass
CVE-2025-43802 XSS with `externalReferenceCode` in Objects
CVE-2025-62242 Access to another account's address
CVE-2025-62243 Multiple vulnerabilities related to publication comments
CVE-2025-62237 XSS with account name in orders
CVE-2025-62238 XSS with account name in account settings
CVE-2025-62239 XSS with workflow process builder
CVE-2025-43829 Stored XSS with SVG files in diagram type products
CVE-2025-43821 Stored XSS with product name in Commerce Product Comparison Table
CVE-2025-43822 Stored XSS with Term name on view order page
CVE-2025-43823 Stored XSS with product name in Commerce Search Result
CVE-2025-43811 XSS vulnerability with user name when selecting a related asset
CVE-2025-62240 XSS with user name in calendar event
CVE-2025-43820 Stored XSS with user name
CVE-2025-43818 Stored XSS with Calendar name
CVE-2024-26271 CSRF bypass related to `backURL` in My Account
CVE-2024-26273 CSRF bypass related to `redirect` in Commerce Catalogs
CVE-2024-26272 CSRF bypass related to `p_l_back_url` in content page editor
CVE-2025-43815 Reflected XSS with `backURLTitle` in page administration
CVE-2024-38002 Regular users can edit workflow definition
CVE-2023-47795 XSS with Document and Media document title
CVE-2023-40191 XSS with with Account "Blocked Email Domains"
CVE-2023-42498 XSS with `key` in language override
CVE-2023-42496 XSS with `tabs2` in role assignment
CVE-2024-26270 User's hashed password appears in page's HTML source
CVE-2023-44308 Open redirect in adaptive media
CVE-2023-5190 Open redirect in Countries Management
Powered by Liferay™
Legal
Compliance
Privacy Policy
本网站使用 Cookie
我们使用 Cookie 来提供个性化内容、分析趋势、管理网站、跟踪用户在网站上的活动,以及收集有关我们整个用户群的受众信息。接受所有 Cookie 可在我们的网站上获得最佳体验或管理您的偏好设置。 访问我们的《隐私政策》
