跳转到主内容

Blogs
Feedback
Help
Meet
Known Vulnerabilities
Discuss
Download
Learn
Log In

Known Vulnerabilities

Security Overview
Reporting Security Issues
Known Vulnerabilities
Hall of Fame

Releases

Liferay Portal 7.4 U132

Liferay Portal 7.4

Liferay Portal 7.3

Liferay Portal 7.2

Liferay Portal 7.1

Liferay Portal 7.0

Liferay Portal 6.2 CE

Liferay DXP 7.4

Liferay DXP 7.3

Liferay DXP 7.2

LIferay DXP 7.1

LIferay DXP 7.0

Liferay DXP 2026.Q4

Liferay DXP 2026.Q3

Liferay DXP 2026.Q2

Liferay DXP 2026.Q1

Liferay DXP 2025.Q4

Liferay DXP 2025.Q3

Liferay DXP 2025.Q2

Liferay DXP 2025.Q1

Liferay DXP 2024.Q4

Liferay DXP 2024 Q3

Liferay DXP 2024 Q2

Liferay DXP 2024 Q1

Liferay DXP 2023.Q4

Liferay DXP 2023.Q3

CVE-2025-43825 Sensible user data available to freemarker template
CVE-2025-43787 Stored XSS via organization site names
CVE-2025-43776 The Process Builder's Configuration tab fails to properly escape stored JavaScript code
CVE-2025-43777 Internal server error message in the response body
CVE-2025-43778 Stored XSS on the name of a fieldset
CVE-2025-43773 Missing permission checks in expandoTableLocalService
CVE-2025-43744 Stored DOM-Based XSS in the Asset Publisher configuration UI
CVE-2025-43740 Stored XSS in message boards feature
CVE-2025-43738 Reflected XSS via ExpandoPortlet displayType parameter
CVE-2025-43737 Reflected XSS through JournalPortlet backUrl parameter
CVE-2025-43745 CSRF vulnerability in 'endpoint' parameter
CVE-2025-43746 Reflected XSS in Dynamic Data Mapping portletNamespace and Portlet_namespace parameter
CVE-2025-43757 Reflected XSS in Dynamic Data Mapping DDMPortlet_definition parameter
CVE-2025-43756 Reflected XSS in snippet parameter
CVE-2025-43760 Reflected XSS in back button for My Sites Portlet
CVE-2025-43752 Temp file upload in attachment field object entry is not cleaned up
CVE-2025-43755 Stored XSS via GroupPagesPortlet_type parameter
CVE-2025-43734 Reflected XSS in Clay Button taglib
CVE-2025-4604 CAPTCHA Bypass for Gogo Shell
CVE-2025-3639 Sign in via GET method when MFA enabled
CVE-2025-43732 IDOR in groupID parameter
CVE-2025-62247 Blueprint Collection Providers are exposed for reading and selection by other unauthorized instances
CVE-2025-62248 Regression of the Reflected XSS in DDMPortlet_definition parameter
CVE-2025-62249 Reflected XSS in google_widget
CVE-2025-43736 Liferay allows more than 300kb profile picture into the user profile
CVE-2025-43753 Reflected XSS in Embedded Message field from the form container
CVE-2025-43733 Reflected XSS with page name in document View Usages
CVE-2025-43731 Reflected XSS in Message Board Threads and Categories
CVE-2025-43739 Observable discrepancy in calendar portlet
CVE-2025-4655 SSRF in FreeMarker templates
CVE-2025-43758 Unauthenticated users can access loaded files via URL before submitting the object entry
CVE-2025-43743 User enumeration in calendar portlet
CVE-2025-4576 Reflected XSS in blogs-web
CVE-2025-4581 Blind SSRF in portal-settings-authentication-opensso-web
CVE-2025-43742 Reflected XSS in friendly urls with display page template
CVE-2025-43741 Reflected XSS in assetTagNames parameter
CVE-2025-4599 Cross-Site Scripting (XSS) Vulnerability in Fragment Preview Functionality
CVE-2025-43749 Unauthenticated users can access loaded files via URL before submitting the form
CVE-2025-43762 Users can upload an unlimited amount of files
CVE-2025-43750 Liferay form upload field allows to obfuscate file extensions

Community

Company

Feedback

Blogs

Discuss

Meet

Open Source

Download

Events

Learn

Careers

Contact Us

Feedback

Help

Copyright © 2026 Liferay, Inc

Powered by Liferay™

本网站使用 Cookie

我们使用 Cookie 来提供个性化内容、分析趋势、管理网站、跟踪用户在网站上的活动，以及收集有关我们整个用户群的受众信息。接受所有 Cookie 可在我们的网站上获得最佳体验或管理您的偏好设置。访问我们的《隐私政策》