Skip to Main Content
  • Ask
  • Blogs
  • Chat
  • Download
  • Feedback
  • Help
  • Learn
  • Projects
  • Log In

Known Vulnerabilities

  • Overview
  • Reporting Security Issues
  • Known Vulnerabilities
  • Hall of Fame

Releases

  • Liferay Portal 7.4
  • Liferay Portal 7.3
  • Liferay Portal 7.2
  • Liferay Portal 7.1
  • Liferay Portal 7.0
  • Liferay Portal 6.2 CE
  • Liferay Faces
  • Liferay DXP 7.4
  • Liferay DXP 7.3
  • Liferay DXP 7.2
  • LIferay DXP 7.1
  • LIferay DXP 7.0
  • Liferay DXP 2025.Q1
  • Liferay DXP 2024.Q4
  • Liferay DXP 2024 Q3
  • Liferay DXP 2024 Q2
  • Liferay DXP 2024 Q1
  • Liferay DXP 2023.Q4
  • Liferay DXP 2023.Q3
RSS
  • CVE-2025-4388 Reflected XSS in marketplace-app-manager-web

  • CVE-2025-2565 Exposure of data through form entry to unauthorized users

  • CVE-2025-2536 DOM based XSS at /o/layout-taglib/__liferay__/index.js

  • CVE-2025-3760 Stored XSS with radio button type custom fields

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.

  • Community
  • Ask
  • Events
  • Learn
  • Meet
  • Company
  • Blogs
  • Careers
  • Download
  • Open Source
  • Feedback
  • Contact Us

Copyright © 2025 Liferay, Inc

Powered by Liferay Portal CE™

We use cookies to deliver personalized content, analyze trends, administer the site, track user movements on the site, and collect demographic information about our user base as a whole. Accept all cookies for the best possible experience on our website or manage your preferences. Visit our Privacy Policy