Search for packages
| purl | pkg:maven/com.liferay/com.liferay.layout.impl@2.0.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-c3ym-wtv5-hfhr
Aliases: CVE-2023-44310 GHSA-j5gv-w838-mmcx |
Liferay Portal and Liferay DXP Vulnerable to XSS via the Page Tree Menu Stored cross-site scripting (XSS) vulnerability in Page Tree menu in Liferay Layout Implementation before 6.0.102 from Liferay Portal (7.3.6 through 7.4.3.78), and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's "Name" text field. |
Affected by 1 other vulnerability. |
|
VCID-d1k2-fs6n-xkhx
Aliases: CVE-2025-43759 GHSA-w3cr-3xw2-rp78 |
Liferay Portal users are able to add system admin portlets to pages Liferay Portal versions 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows admin users of a virtual instance to add pages that are not in the default/main virtual instance, then any tenant can create a list of all other tenants. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T05:59:39.509347+00:00 | GitLab Importer | Affected by | VCID-d1k2-fs6n-xkhx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.liferay/com.liferay.layout.impl/CVE-2025-43759.yml | 38.6.0 |
| 2026-06-06T04:14:09.420480+00:00 | GitLab Importer | Affected by | VCID-c3ym-wtv5-hfhr | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.liferay/com.liferay.layout.impl/CVE-2023-44310.yml | 38.6.0 |