Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.53
Type maven
Namespace com.liferay.portal
Name release.portal.bom
Version 7.4.3.53
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-39dv-ngxr-vbaj
vulnerability_id VCID-39dv-ngxr-vbaj
summary The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second virtual instance by searching for the object definition.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33947
reference_id
reference_type
scores
0
value 0.00268
scoring_system epss
scoring_elements 0.50705
published_at 2026-06-12T12:55:00Z
1
value 0.00268
scoring_system epss
scoring_elements 0.50709
published_at 2026-06-14T12:55:00Z
2
value 0.00268
scoring_system epss
scoring_elements 0.50572
published_at 2026-06-11T12:55:00Z
3
value 0.00268
scoring_system epss
scoring_elements 0.50722
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33947
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33947
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33947
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33947
reference_id cve-2023-33947
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:44:18Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33947
4
reference_url https://github.com/advisories/GHSA-769c-p92r-xgxj
reference_id GHSA-769c-p92r-xgxj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-769c-p92r-xgxj
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.61
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.61
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-4m1t-nd28-43b2
2
vulnerability VCID-55fq-h94e-kuep
3
vulnerability VCID-5rce-t9wm-4ycx
4
vulnerability VCID-5sft-4ab1-9kcg
5
vulnerability VCID-5ytw-d875-3yfe
6
vulnerability VCID-69x9-5buz-1yht
7
vulnerability VCID-6f8z-s1fz-57b2
8
vulnerability VCID-6jsv-kw7h-9yeu
9
vulnerability VCID-73u9-6qzv-t7f7
10
vulnerability VCID-7bjy-2h8a-ukbe
11
vulnerability VCID-99sz-6eag-3kff
12
vulnerability VCID-9seq-71yb-tfcf
13
vulnerability VCID-beqe-x5p8-23b9
14
vulnerability VCID-c2hc-pbr7-2yhz
15
vulnerability VCID-d49a-szjx-jub1
16
vulnerability VCID-d9qm-h8q2-sfda
17
vulnerability VCID-deaj-uts6-aqb5
18
vulnerability VCID-dztj-3hzz-3bcg
19
vulnerability VCID-eb9n-cwf1-fbga
20
vulnerability VCID-ep8t-7k2h-2kdp
21
vulnerability VCID-epds-vwku-cyed
22
vulnerability VCID-evtz-a8xn-e7b6
23
vulnerability VCID-ext6-8u2c-xufv
24
vulnerability VCID-f6z5-3pp9-7qey
25
vulnerability VCID-gfwc-qjpr-6fgf
26
vulnerability VCID-hqwn-t5mr-13ab
27
vulnerability VCID-hthn-qn9g-u3dv
28
vulnerability VCID-j2r3-g95d-hued
29
vulnerability VCID-kke1-d8nw-tyhj
30
vulnerability VCID-mmy3-eycu-q7bu
31
vulnerability VCID-p1dw-dttz-x7ee
32
vulnerability VCID-p3dp-ku5j-yke9
33
vulnerability VCID-pac3-4jrs-pqdg
34
vulnerability VCID-ph25-5qgg-zfer
35
vulnerability VCID-rcmj-djgg-bqf7
36
vulnerability VCID-ser9-x7zq-dqdv
37
vulnerability VCID-te96-dz9q-z3cy
38
vulnerability VCID-tkws-gscx-pff6
39
vulnerability VCID-twb2-9ane-tfdw
40
vulnerability VCID-u5rg-89bb-wbfy
41
vulnerability VCID-u9gz-jcnn-syby
42
vulnerability VCID-vcth-rrmy-5qej
43
vulnerability VCID-w2a5-j7ew-mbet
44
vulnerability VCID-w71u-16bg-nke4
45
vulnerability VCID-whty-vwsm-t7gt
46
vulnerability VCID-xftu-6k5q-7ub6
47
vulnerability VCID-xvs7-58y1-3ybj
48
vulnerability VCID-y38f-84j9-fygf
49
vulnerability VCID-zc53-8p5g-2kcv
50
vulnerability VCID-zkm4-bz55-9bb8
51
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.61
aliases CVE-2023-33947, GHSA-769c-p92r-xgxj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-39dv-ngxr-vbaj
1
url VCID-3cm9-v7g5-kfcn
vulnerability_id VCID-3cm9-v7g5-kfcn
summary A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remote attackers to perform cross-origin requests on behalf of the authenticated user via the endpoint parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43745
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.11139
published_at 2026-06-12T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.11102
published_at 2026-06-14T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.11072
published_at 2026-06-11T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.11133
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43745
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/037b58f96c9ded47960ab493a68d68aaf32b1a43
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/037b58f96c9ded47960ab493a68d68aaf32b1a43
3
reference_url https://github.com/liferay/liferay-portal/commit/2387ee78fd471ea1c1c4d696aa0cbb1bce72665e
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/2387ee78fd471ea1c1c4d696aa0cbb1bce72665e
4
reference_url https://github.com/liferay/liferay-portal/commit/729dfc202c9d2724b5f3f749ead14eb13832e101
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/729dfc202c9d2724b5f3f749ead14eb13832e101
5
reference_url https://liferay.atlassian.net/browse/LPE-18275
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18275
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43745
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43745
7
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43745
reference_id CVE-2025-43745
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-19T19:15:28Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43745
8
reference_url https://github.com/advisories/GHSA-7q33-gwcm-r6cj
reference_id GHSA-7q33-gwcm-r6cj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7q33-gwcm-r6cj
fixed_packages
aliases CVE-2025-43745, GHSA-7q33-gwcm-r6cj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3cm9-v7g5-kfcn
2
url VCID-4m1t-nd28-43b2
vulnerability_id VCID-4m1t-nd28-43b2
summary Liferay Portal 7.4.0 through 7.4.3.109, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has verified their email address, which allows remote users to access and edit content via the API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62259
reference_id
reference_type
scores
0
value 0.00057
scoring_system epss
scoring_elements 0.18104
published_at 2026-06-11T12:55:00Z
1
value 0.00057
scoring_system epss
scoring_elements 0.18261
published_at 2026-06-14T12:55:00Z
2
value 0.00057
scoring_system epss
scoring_elements 0.18287
published_at 2026-06-13T12:55:00Z
3
value 0.00057
scoring_system epss
scoring_elements 0.18267
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62259
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62259
reference_id CVE-2025-62259
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T19:47:44Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62259
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62259
reference_id CVE-2025-62259
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62259
4
reference_url https://github.com/advisories/GHSA-gv7w-jh8g-vr73
reference_id GHSA-gv7w-jh8g-vr73
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gv7w-jh8g-vr73
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.110
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.110
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.110
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-5ytw-d875-3yfe
3
vulnerability VCID-69x9-5buz-1yht
4
vulnerability VCID-6jsv-kw7h-9yeu
5
vulnerability VCID-73u9-6qzv-t7f7
6
vulnerability VCID-7bjy-2h8a-ukbe
7
vulnerability VCID-9seq-71yb-tfcf
8
vulnerability VCID-beqe-x5p8-23b9
9
vulnerability VCID-c2hc-pbr7-2yhz
10
vulnerability VCID-d9qm-h8q2-sfda
11
vulnerability VCID-dztj-3hzz-3bcg
12
vulnerability VCID-ep8t-7k2h-2kdp
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-f6z5-3pp9-7qey
15
vulnerability VCID-gfwc-qjpr-6fgf
16
vulnerability VCID-hthn-qn9g-u3dv
17
vulnerability VCID-j2r3-g95d-hued
18
vulnerability VCID-kke1-d8nw-tyhj
19
vulnerability VCID-mmy3-eycu-q7bu
20
vulnerability VCID-p1dw-dttz-x7ee
21
vulnerability VCID-p3dp-ku5j-yke9
22
vulnerability VCID-ph25-5qgg-zfer
23
vulnerability VCID-qxsh-hm7q-5ban
24
vulnerability VCID-rcmj-djgg-bqf7
25
vulnerability VCID-tgj6-8vhq-23ae
26
vulnerability VCID-u5rg-89bb-wbfy
27
vulnerability VCID-vcth-rrmy-5qej
28
vulnerability VCID-w2a5-j7ew-mbet
29
vulnerability VCID-w71u-16bg-nke4
30
vulnerability VCID-whty-vwsm-t7gt
31
vulnerability VCID-xftu-6k5q-7ub6
32
vulnerability VCID-xvs7-58y1-3ybj
33
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
aliases CVE-2025-62259, GHSA-gv7w-jh8g-vr73
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4m1t-nd28-43b2
3
url VCID-55fq-h94e-kuep
vulnerability_id VCID-55fq-h94e-kuep
summary By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions is vulnerable to DNS rebinding attacks, which allows remote attackers to redirect users to arbitrary external URLs. This vulnerability can be mitigated by changing the redirect URL security from IP to domain.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62266
reference_id
reference_type
scores
0
value 0.00043
scoring_system epss
scoring_elements 0.13586
published_at 2026-06-11T12:55:00Z
1
value 0.00043
scoring_system epss
scoring_elements 0.13678
published_at 2026-06-14T12:55:00Z
2
value 0.00043
scoring_system epss
scoring_elements 0.13701
published_at 2026-06-12T12:55:00Z
3
value 0.00043
scoring_system epss
scoring_elements 0.13704
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62266
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62256
reference_id CVE-2025-62256
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-30T19:06:36Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62256
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62257
reference_id CVE-2025-62257
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62257
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62266
reference_id CVE-2025-62266
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62266
5
reference_url https://github.com/advisories/GHSA-f5vh-4rj2-w8r8
reference_id GHSA-f5vh-4rj2-w8r8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f5vh-4rj2-w8r8
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.110
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.110
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.110
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-5ytw-d875-3yfe
3
vulnerability VCID-69x9-5buz-1yht
4
vulnerability VCID-6jsv-kw7h-9yeu
5
vulnerability VCID-73u9-6qzv-t7f7
6
vulnerability VCID-7bjy-2h8a-ukbe
7
vulnerability VCID-9seq-71yb-tfcf
8
vulnerability VCID-beqe-x5p8-23b9
9
vulnerability VCID-c2hc-pbr7-2yhz
10
vulnerability VCID-d9qm-h8q2-sfda
11
vulnerability VCID-dztj-3hzz-3bcg
12
vulnerability VCID-ep8t-7k2h-2kdp
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-f6z5-3pp9-7qey
15
vulnerability VCID-gfwc-qjpr-6fgf
16
vulnerability VCID-hthn-qn9g-u3dv
17
vulnerability VCID-j2r3-g95d-hued
18
vulnerability VCID-kke1-d8nw-tyhj
19
vulnerability VCID-mmy3-eycu-q7bu
20
vulnerability VCID-p1dw-dttz-x7ee
21
vulnerability VCID-p3dp-ku5j-yke9
22
vulnerability VCID-ph25-5qgg-zfer
23
vulnerability VCID-qxsh-hm7q-5ban
24
vulnerability VCID-rcmj-djgg-bqf7
25
vulnerability VCID-tgj6-8vhq-23ae
26
vulnerability VCID-u5rg-89bb-wbfy
27
vulnerability VCID-vcth-rrmy-5qej
28
vulnerability VCID-w2a5-j7ew-mbet
29
vulnerability VCID-w71u-16bg-nke4
30
vulnerability VCID-whty-vwsm-t7gt
31
vulnerability VCID-xftu-6k5q-7ub6
32
vulnerability VCID-xvs7-58y1-3ybj
33
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
aliases CVE-2025-62266, GHSA-f5vh-4rj2-w8r8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-55fq-h94e-kuep
4
url VCID-5rce-t9wm-4ycx
vulnerability_id VCID-5rce-t9wm-4ycx
summary Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allow users to upload an unlimited number of files through the object entries attachment fields. The files are stored in the document_library, allowing an attacker to cause a potential DDoS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43752
reference_id
reference_type
scores
0
value 0.00119
scoring_system epss
scoring_elements 0.30592
published_at 2026-06-12T12:55:00Z
1
value 0.00119
scoring_system epss
scoring_elements 0.30598
published_at 2026-06-14T12:55:00Z
2
value 0.00119
scoring_system epss
scoring_elements 0.30396
published_at 2026-06-11T12:55:00Z
3
value 0.00119
scoring_system epss
scoring_elements 0.30611
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43752
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/45dda30252d83912307491d8ed8802577871fa25
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/45dda30252d83912307491d8ed8802577871fa25
3
reference_url https://github.com/liferay/liferay-portal/commit/f3e4723acdf15d3f690d401d6eb6a5653e5be391
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/f3e4723acdf15d3f690d401d6eb6a5653e5be391
4
reference_url https://github.com/liferay/liferay-portal/commit/fffed67b3fd1cc6071fd25a9b104b7691ffea2f8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/fffed67b3fd1cc6071fd25a9b104b7691ffea2f8
5
reference_url https://liferay.atlassian.net/browse/LPE-18188
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18188
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43752
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43752
7
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43752
reference_id CVE-2025-43752
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-22T11:27:55Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43752
8
reference_url https://github.com/advisories/GHSA-qpp6-f3qj-rggq
reference_id GHSA-qpp6-f3qj-rggq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qpp6-f3qj-rggq
fixed_packages
aliases CVE-2025-43752, GHSA-qpp6-f3qj-rggq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5rce-t9wm-4ycx
5
url VCID-5sft-4ab1-9kcg
vulnerability_id VCID-5sft-4ab1-9kcg
summary Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's (1) First Name, (2) Middle Name, (3) Last Name, or (4) Job Title text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33943
reference_id
reference_type
scores
0
value 0.00296
scoring_system epss
scoring_elements 0.53439
published_at 2026-06-12T12:55:00Z
1
value 0.00296
scoring_system epss
scoring_elements 0.53442
published_at 2026-06-14T12:55:00Z
2
value 0.00296
scoring_system epss
scoring_elements 0.53313
published_at 2026-06-11T12:55:00Z
3
value 0.00296
scoring_system epss
scoring_elements 0.53454
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33943
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33943
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33943
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33943
reference_id cve-2023-33943
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:46:56Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33943
4
reference_url https://github.com/advisories/GHSA-p9xg-9378-cqp7
reference_id GHSA-p9xg-9378-cqp7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p9xg-9378-cqp7
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.63
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.63
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-4m1t-nd28-43b2
2
vulnerability VCID-55fq-h94e-kuep
3
vulnerability VCID-5rce-t9wm-4ycx
4
vulnerability VCID-5ytw-d875-3yfe
5
vulnerability VCID-69x9-5buz-1yht
6
vulnerability VCID-6f8z-s1fz-57b2
7
vulnerability VCID-6jsv-kw7h-9yeu
8
vulnerability VCID-73u9-6qzv-t7f7
9
vulnerability VCID-7bjy-2h8a-ukbe
10
vulnerability VCID-99sz-6eag-3kff
11
vulnerability VCID-9seq-71yb-tfcf
12
vulnerability VCID-beqe-x5p8-23b9
13
vulnerability VCID-c2hc-pbr7-2yhz
14
vulnerability VCID-d49a-szjx-jub1
15
vulnerability VCID-d9qm-h8q2-sfda
16
vulnerability VCID-deaj-uts6-aqb5
17
vulnerability VCID-dztj-3hzz-3bcg
18
vulnerability VCID-eb9n-cwf1-fbga
19
vulnerability VCID-ep8t-7k2h-2kdp
20
vulnerability VCID-epds-vwku-cyed
21
vulnerability VCID-evtz-a8xn-e7b6
22
vulnerability VCID-ext6-8u2c-xufv
23
vulnerability VCID-f6z5-3pp9-7qey
24
vulnerability VCID-gfwc-qjpr-6fgf
25
vulnerability VCID-hqwn-t5mr-13ab
26
vulnerability VCID-hthn-qn9g-u3dv
27
vulnerability VCID-j2r3-g95d-hued
28
vulnerability VCID-kke1-d8nw-tyhj
29
vulnerability VCID-mmy3-eycu-q7bu
30
vulnerability VCID-p1dw-dttz-x7ee
31
vulnerability VCID-p3dp-ku5j-yke9
32
vulnerability VCID-pac3-4jrs-pqdg
33
vulnerability VCID-ph25-5qgg-zfer
34
vulnerability VCID-rcmj-djgg-bqf7
35
vulnerability VCID-ser9-x7zq-dqdv
36
vulnerability VCID-te96-dz9q-z3cy
37
vulnerability VCID-tkws-gscx-pff6
38
vulnerability VCID-twb2-9ane-tfdw
39
vulnerability VCID-u5rg-89bb-wbfy
40
vulnerability VCID-u9gz-jcnn-syby
41
vulnerability VCID-vcth-rrmy-5qej
42
vulnerability VCID-w2a5-j7ew-mbet
43
vulnerability VCID-w71u-16bg-nke4
44
vulnerability VCID-whty-vwsm-t7gt
45
vulnerability VCID-xftu-6k5q-7ub6
46
vulnerability VCID-xvs7-58y1-3ybj
47
vulnerability VCID-y38f-84j9-fygf
48
vulnerability VCID-zc53-8p5g-2kcv
49
vulnerability VCID-zkm4-bz55-9bb8
50
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.63
aliases CVE-2023-33943, GHSA-p9xg-9378-cqp7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5sft-4ab1-9kcg
6
url VCID-5ytw-d875-3yfe
vulnerability_id VCID-5ytw-d875-3yfe
summary Password enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 2024.Q1.5, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote attackers to determine a user’s password even if account lockout is enabled via brute force attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62257
reference_id
reference_type
scores
0
value 0.00016
scoring_system epss
scoring_elements 0.03996
published_at 2026-06-11T12:55:00Z
1
value 0.00016
scoring_system epss
scoring_elements 0.04012
published_at 2026-06-14T12:55:00Z
2
value 0.00016
scoring_system epss
scoring_elements 0.04002
published_at 2026-06-13T12:55:00Z
3
value 0.00016
scoring_system epss
scoring_elements 0.04013
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62257
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/45cffd5030ab78e8b005d9cfd6284311da978c68
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/45cffd5030ab78e8b005d9cfd6284311da978c68
3
reference_url https://github.com/liferay/liferay-portal/commit/924a0a47007665693fe2d29623cb48a426a80266
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/924a0a47007665693fe2d29623cb48a426a80266
4
reference_url https://github.com/liferay/liferay-portal/commit/d21627ac07561c5063f611be631e63ff502ec8e7
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/d21627ac07561c5063f611be631e63ff502ec8e7
5
reference_url https://liferay.atlassian.net/browse/LPE-17692
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17692
6
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62257
reference_id CVE-2025-62257
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-30T14:08:10Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62257
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62257
reference_id CVE-2025-62257
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62257
8
reference_url https://github.com/advisories/GHSA-8hw3-ghwv-crfh
reference_id GHSA-8hw3-ghwv-crfh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8hw3-ghwv-crfh
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-73u9-6qzv-t7f7
3
vulnerability VCID-9seq-71yb-tfcf
4
vulnerability VCID-beqe-x5p8-23b9
5
vulnerability VCID-c2hc-pbr7-2yhz
6
vulnerability VCID-d9qm-h8q2-sfda
7
vulnerability VCID-ep8t-7k2h-2kdp
8
vulnerability VCID-epds-vwku-cyed
9
vulnerability VCID-f6z5-3pp9-7qey
10
vulnerability VCID-hthn-qn9g-u3dv
11
vulnerability VCID-kke1-d8nw-tyhj
12
vulnerability VCID-mmy3-eycu-q7bu
13
vulnerability VCID-ph25-5qgg-zfer
14
vulnerability VCID-rcmj-djgg-bqf7
15
vulnerability VCID-tgj6-8vhq-23ae
16
vulnerability VCID-vcth-rrmy-5qej
17
vulnerability VCID-w2a5-j7ew-mbet
18
vulnerability VCID-w71u-16bg-nke4
19
vulnerability VCID-whty-vwsm-t7gt
20
vulnerability VCID-xftu-6k5q-7ub6
21
vulnerability VCID-xvs7-58y1-3ybj
22
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120
aliases CVE-2025-62257, GHSA-8hw3-ghwv-crfh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ytw-d875-3yfe
7
url VCID-69x9-5buz-1yht
vulnerability_id VCID-69x9-5buz-1yht
summary The Profile widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and older unsupported versions uses a user’s name in the “Content-Disposition” header, which allows remote authenticated users to change the file extension when a vCard file is downloaded.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43824
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.1107
published_at 2026-06-11T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.11099
published_at 2026-06-14T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.1113
published_at 2026-06-13T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.11136
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43824
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43824
reference_id CVE-2025-43824
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-07T15:52:30Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43824
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43824
reference_id CVE-2025-43824
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43824
4
reference_url https://github.com/advisories/GHSA-pfxj-gvqg-mj44
reference_id GHSA-pfxj-gvqg-mj44
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pfxj-gvqg-mj44
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-5ytw-d875-3yfe
3
vulnerability VCID-73u9-6qzv-t7f7
4
vulnerability VCID-7bjy-2h8a-ukbe
5
vulnerability VCID-9seq-71yb-tfcf
6
vulnerability VCID-beqe-x5p8-23b9
7
vulnerability VCID-c2hc-pbr7-2yhz
8
vulnerability VCID-d9qm-h8q2-sfda
9
vulnerability VCID-ep8t-7k2h-2kdp
10
vulnerability VCID-epds-vwku-cyed
11
vulnerability VCID-f6z5-3pp9-7qey
12
vulnerability VCID-hthn-qn9g-u3dv
13
vulnerability VCID-kke1-d8nw-tyhj
14
vulnerability VCID-mmy3-eycu-q7bu
15
vulnerability VCID-ph25-5qgg-zfer
16
vulnerability VCID-rcmj-djgg-bqf7
17
vulnerability VCID-tgj6-8vhq-23ae
18
vulnerability VCID-vcth-rrmy-5qej
19
vulnerability VCID-w2a5-j7ew-mbet
20
vulnerability VCID-w71u-16bg-nke4
21
vulnerability VCID-whty-vwsm-t7gt
22
vulnerability VCID-xftu-6k5q-7ub6
23
vulnerability VCID-xvs7-58y1-3ybj
24
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
aliases CVE-2025-43824, GHSA-pfxj-gvqg-mj44
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-69x9-5buz-1yht
8
url VCID-6f8z-s1fz-57b2
vulnerability_id VCID-6f8z-s1fz-57b2
summary CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to execute any Headless API via the `endpoint` parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62258
reference_id
reference_type
scores
0
value 0.00023
scoring_system epss
scoring_elements 0.06808
published_at 2026-06-11T12:55:00Z
1
value 0.00023
scoring_system epss
scoring_elements 0.06806
published_at 2026-06-14T12:55:00Z
2
value 0.00023
scoring_system epss
scoring_elements 0.06819
published_at 2026-06-13T12:55:00Z
3
value 0.00023
scoring_system epss
scoring_elements 0.06829
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62258
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62258
reference_id CVE-2025-62258
reference_type
scores
0
value 7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
1
value 7.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T14:59:44Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62258
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62258
reference_id CVE-2025-62258
reference_type
scores
0
value 7.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62258
4
reference_url https://github.com/advisories/GHSA-gh4w-8qgq-8w9r
reference_id GHSA-gh4w-8qgq-8w9r
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gh4w-8qgq-8w9r
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.108
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.108
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.108
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-5ytw-d875-3yfe
3
vulnerability VCID-69x9-5buz-1yht
4
vulnerability VCID-6jsv-kw7h-9yeu
5
vulnerability VCID-73u9-6qzv-t7f7
6
vulnerability VCID-7bjy-2h8a-ukbe
7
vulnerability VCID-9seq-71yb-tfcf
8
vulnerability VCID-beqe-x5p8-23b9
9
vulnerability VCID-c2hc-pbr7-2yhz
10
vulnerability VCID-d9qm-h8q2-sfda
11
vulnerability VCID-dztj-3hzz-3bcg
12
vulnerability VCID-ep8t-7k2h-2kdp
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-f6z5-3pp9-7qey
15
vulnerability VCID-gfwc-qjpr-6fgf
16
vulnerability VCID-hthn-qn9g-u3dv
17
vulnerability VCID-j2r3-g95d-hued
18
vulnerability VCID-kke1-d8nw-tyhj
19
vulnerability VCID-mmy3-eycu-q7bu
20
vulnerability VCID-p1dw-dttz-x7ee
21
vulnerability VCID-p3dp-ku5j-yke9
22
vulnerability VCID-ph25-5qgg-zfer
23
vulnerability VCID-qxsh-hm7q-5ban
24
vulnerability VCID-rcmj-djgg-bqf7
25
vulnerability VCID-tgj6-8vhq-23ae
26
vulnerability VCID-u5rg-89bb-wbfy
27
vulnerability VCID-vcth-rrmy-5qej
28
vulnerability VCID-w2a5-j7ew-mbet
29
vulnerability VCID-w71u-16bg-nke4
30
vulnerability VCID-whty-vwsm-t7gt
31
vulnerability VCID-xftu-6k5q-7ub6
32
vulnerability VCID-xvs7-58y1-3ybj
33
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
aliases CVE-2025-62258, GHSA-gh4w-8qgq-8w9r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6f8z-s1fz-57b2
9
url VCID-6jsv-kw7h-9yeu
vulnerability_id VCID-6jsv-kw7h-9yeu
summary The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote authenticated users to modify workflow definitions and execute arbitrary code (RCE) via the headless API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-38002
reference_id
reference_type
scores
0
value 0.04275
scoring_system epss
scoring_elements 0.89122
published_at 2026-06-12T12:55:00Z
1
value 0.04275
scoring_system epss
scoring_elements 0.89084
published_at 2026-06-11T12:55:00Z
2
value 0.04275
scoring_system epss
scoring_elements 0.89129
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-38002
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-38002
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-38002
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-38002
reference_id CVE-2024-38002
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:21:03Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-38002
4
reference_url https://github.com/advisories/GHSA-3mfq-fp2f-vwqh
reference_id GHSA-3mfq-fp2f-vwqh
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3mfq-fp2f-vwqh
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-5ytw-d875-3yfe
3
vulnerability VCID-73u9-6qzv-t7f7
4
vulnerability VCID-7bjy-2h8a-ukbe
5
vulnerability VCID-9seq-71yb-tfcf
6
vulnerability VCID-beqe-x5p8-23b9
7
vulnerability VCID-c2hc-pbr7-2yhz
8
vulnerability VCID-d9qm-h8q2-sfda
9
vulnerability VCID-ep8t-7k2h-2kdp
10
vulnerability VCID-epds-vwku-cyed
11
vulnerability VCID-f6z5-3pp9-7qey
12
vulnerability VCID-hthn-qn9g-u3dv
13
vulnerability VCID-kke1-d8nw-tyhj
14
vulnerability VCID-mmy3-eycu-q7bu
15
vulnerability VCID-ph25-5qgg-zfer
16
vulnerability VCID-rcmj-djgg-bqf7
17
vulnerability VCID-tgj6-8vhq-23ae
18
vulnerability VCID-vcth-rrmy-5qej
19
vulnerability VCID-w2a5-j7ew-mbet
20
vulnerability VCID-w71u-16bg-nke4
21
vulnerability VCID-whty-vwsm-t7gt
22
vulnerability VCID-xftu-6k5q-7ub6
23
vulnerability VCID-xvs7-58y1-3ybj
24
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
aliases CVE-2024-38002, GHSA-3mfq-fp2f-vwqh
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6jsv-kw7h-9yeu
10
url VCID-73u9-6qzv-t7f7
vulnerability_id VCID-73u9-6qzv-t7f7
summary A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript in the _com_liferay_users_admin_web_portlet_UsersAdminPortlet_assetTagNames parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43741
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.14107
published_at 2026-06-14T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.1402
published_at 2026-06-11T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.14133
published_at 2026-06-13T12:55:00Z
3
value 0.00044
scoring_system epss
scoring_elements 0.14136
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43741
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/264f4f91aa4f8373c5a9cc44420edf1689384cbb
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/264f4f91aa4f8373c5a9cc44420edf1689384cbb
3
reference_url https://liferay.atlassian.net/browse/LPE-18193
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18193
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43741
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43741
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43741
reference_id CVE-2025-43741
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-20T15:16:53Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43741
6
reference_url https://github.com/advisories/GHSA-j6p8-g3rj-ghpm
reference_id GHSA-j6p8-g3rj-ghpm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j6p8-g3rj-ghpm
fixed_packages
aliases CVE-2025-43741, GHSA-j6p8-g3rj-ghpm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-73u9-6qzv-t7f7
11
url VCID-7bjy-2h8a-ukbe
vulnerability_id VCID-7bjy-2h8a-ukbe
summary Stored cross-site scripting (XSS) vulnerabilities in Web Content translation in Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allow remote attackers to inject arbitrary web script or HTML via any rich text field in a web content article.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43826
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10239
published_at 2026-06-12T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10231
published_at 2026-06-14T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10191
published_at 2026-06-11T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10245
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43826
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.atlassian.net/browse/LPE-17939
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17939
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43826
reference_id CVE-2025-43826
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T15:03:14Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43826
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43826
reference_id CVE-2025-43826
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43826
5
reference_url https://github.com/advisories/GHSA-qh92-cr5f-3595
reference_id GHSA-qh92-cr5f-3595
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qh92-cr5f-3595
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.113-ga113
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.113-ga113
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.113-ga113
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-73u9-6qzv-t7f7
3
vulnerability VCID-9seq-71yb-tfcf
4
vulnerability VCID-beqe-x5p8-23b9
5
vulnerability VCID-c2hc-pbr7-2yhz
6
vulnerability VCID-d9qm-h8q2-sfda
7
vulnerability VCID-ep8t-7k2h-2kdp
8
vulnerability VCID-epds-vwku-cyed
9
vulnerability VCID-f6z5-3pp9-7qey
10
vulnerability VCID-hthn-qn9g-u3dv
11
vulnerability VCID-kke1-d8nw-tyhj
12
vulnerability VCID-mmy3-eycu-q7bu
13
vulnerability VCID-ph25-5qgg-zfer
14
vulnerability VCID-rcmj-djgg-bqf7
15
vulnerability VCID-tgj6-8vhq-23ae
16
vulnerability VCID-vcth-rrmy-5qej
17
vulnerability VCID-w2a5-j7ew-mbet
18
vulnerability VCID-w71u-16bg-nke4
19
vulnerability VCID-whty-vwsm-t7gt
20
vulnerability VCID-xftu-6k5q-7ub6
21
vulnerability VCID-xvs7-58y1-3ybj
22
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120
aliases CVE-2025-43826, GHSA-qh92-cr5f-3595
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7bjy-2h8a-ukbe
12
url VCID-99sz-6eag-3kff
vulnerability_id VCID-99sz-6eag-3kff
summary Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a document's “Title” text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-47795
reference_id
reference_type
scores
0
value 0.00458
scoring_system epss
scoring_elements 0.64421
published_at 2026-06-11T12:55:00Z
1
value 0.00458
scoring_system epss
scoring_elements 0.64531
published_at 2026-06-14T12:55:00Z
2
value 0.00458
scoring_system epss
scoring_elements 0.64523
published_at 2026-06-12T12:55:00Z
3
value 0.00458
scoring_system epss
scoring_elements 0.64536
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-47795
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47795
reference_id cve-2023-47795
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T18:14:14Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47795
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-47795
reference_id CVE-2023-47795
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-47795
4
reference_url https://github.com/advisories/GHSA-q2cv-7j58-rfmj
reference_id GHSA-q2cv-7j58-rfmj
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q2cv-7j58-rfmj
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.102
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.102
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-4m1t-nd28-43b2
2
vulnerability VCID-55fq-h94e-kuep
3
vulnerability VCID-5rce-t9wm-4ycx
4
vulnerability VCID-5ytw-d875-3yfe
5
vulnerability VCID-69x9-5buz-1yht
6
vulnerability VCID-6f8z-s1fz-57b2
7
vulnerability VCID-6jsv-kw7h-9yeu
8
vulnerability VCID-73u9-6qzv-t7f7
9
vulnerability VCID-7bjy-2h8a-ukbe
10
vulnerability VCID-9seq-71yb-tfcf
11
vulnerability VCID-beqe-x5p8-23b9
12
vulnerability VCID-c2hc-pbr7-2yhz
13
vulnerability VCID-d49a-szjx-jub1
14
vulnerability VCID-d9qm-h8q2-sfda
15
vulnerability VCID-dztj-3hzz-3bcg
16
vulnerability VCID-eb9n-cwf1-fbga
17
vulnerability VCID-ep8t-7k2h-2kdp
18
vulnerability VCID-epds-vwku-cyed
19
vulnerability VCID-evtz-a8xn-e7b6
20
vulnerability VCID-f6z5-3pp9-7qey
21
vulnerability VCID-gfwc-qjpr-6fgf
22
vulnerability VCID-hthn-qn9g-u3dv
23
vulnerability VCID-j2r3-g95d-hued
24
vulnerability VCID-k7dn-nb9d-ckdk
25
vulnerability VCID-kke1-d8nw-tyhj
26
vulnerability VCID-mmy3-eycu-q7bu
27
vulnerability VCID-p1dw-dttz-x7ee
28
vulnerability VCID-p3dp-ku5j-yke9
29
vulnerability VCID-ph25-5qgg-zfer
30
vulnerability VCID-qxsh-hm7q-5ban
31
vulnerability VCID-rcmj-djgg-bqf7
32
vulnerability VCID-tgj6-8vhq-23ae
33
vulnerability VCID-tkws-gscx-pff6
34
vulnerability VCID-twb2-9ane-tfdw
35
vulnerability VCID-u5rg-89bb-wbfy
36
vulnerability VCID-u9gz-jcnn-syby
37
vulnerability VCID-vcth-rrmy-5qej
38
vulnerability VCID-w2a5-j7ew-mbet
39
vulnerability VCID-w71u-16bg-nke4
40
vulnerability VCID-whty-vwsm-t7gt
41
vulnerability VCID-xftu-6k5q-7ub6
42
vulnerability VCID-xvs7-58y1-3ybj
43
vulnerability VCID-y38f-84j9-fygf
44
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.102
aliases CVE-2023-47795, GHSA-q2cv-7j58-rfmj
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-99sz-6eag-3kff
13
url VCID-9seq-71yb-tfcf
vulnerability_id VCID-9seq-71yb-tfcf
summary Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.45 through 7.4.3.128, and Liferay DXP 2024 Q2.0 through 2024.Q2.9, 2024.Q1.1 through 2024.Q1.12, and 7.4 update 45 through update 92 allows remote attackers to execute an arbitrary web script or HTML in the My Workflow Tasks page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43785
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12894
published_at 2026-06-14T12:55:00Z
1
value 0.00041
scoring_system epss
scoring_elements 0.12807
published_at 2026-06-11T12:55:00Z
2
value 0.00041
scoring_system epss
scoring_elements 0.12913
published_at 2026-06-13T12:55:00Z
3
value 0.00041
scoring_system epss
scoring_elements 0.12902
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43785
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/5f1a7c347c81f05848f032a9e25cbc9abaab05ff
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5f1a7c347c81f05848f032a9e25cbc9abaab05ff
3
reference_url https://liferay.atlassian.net/browse/LPE-18074
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18074
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43785
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43785
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43785
reference_id CVE-2025-43785
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-10T18:50:21Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43785
6
reference_url https://github.com/advisories/GHSA-66x6-8jgv-qpfh
reference_id GHSA-66x6-8jgv-qpfh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-66x6-8jgv-qpfh
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.129
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.129
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-73u9-6qzv-t7f7
3
vulnerability VCID-beqe-x5p8-23b9
4
vulnerability VCID-c2hc-pbr7-2yhz
5
vulnerability VCID-d9qm-h8q2-sfda
6
vulnerability VCID-ep8t-7k2h-2kdp
7
vulnerability VCID-epds-vwku-cyed
8
vulnerability VCID-f6z5-3pp9-7qey
9
vulnerability VCID-hthn-qn9g-u3dv
10
vulnerability VCID-jpgh-rqqn-x7ge
11
vulnerability VCID-kke1-d8nw-tyhj
12
vulnerability VCID-mmy3-eycu-q7bu
13
vulnerability VCID-ph25-5qgg-zfer
14
vulnerability VCID-rcmj-djgg-bqf7
15
vulnerability VCID-vcth-rrmy-5qej
16
vulnerability VCID-w2a5-j7ew-mbet
17
vulnerability VCID-xftu-6k5q-7ub6
18
vulnerability VCID-xvs7-58y1-3ybj
19
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.129
aliases CVE-2025-43785, GHSA-66x6-8jgv-qpfh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9seq-71yb-tfcf
14
url VCID-beqe-x5p8-23b9
vulnerability_id VCID-beqe-x5p8-23b9
summary A Denial Of Service via File Upload (DOS) vulnerability in the Liferay Portal 7.4.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows a user to upload a profile picture larger than 300kb into the user profile. This size is more than the noted max 300kb size. This extra amount of data can make Liferay slower.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43736
reference_id
reference_type
scores
0
value 0.00668
scoring_system epss
scoring_elements 0.71844
published_at 2026-06-12T12:55:00Z
1
value 0.00668
scoring_system epss
scoring_elements 0.71854
published_at 2026-06-14T12:55:00Z
2
value 0.00668
scoring_system epss
scoring_elements 0.71759
published_at 2026-06-11T12:55:00Z
3
value 0.00668
scoring_system epss
scoring_elements 0.71857
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43736
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/RE:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/ab8932bee29df7df377c468f662d55e624d9390d
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/RE:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/ab8932bee29df7df377c468f662d55e624d9390d
3
reference_url https://liferay.atlassian.net/browse/LPE-18220
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/RE:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18220
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43736
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/RE:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43736
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43736
reference_id CVE-2025-43736
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/RE:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T18:15:44Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43736
6
reference_url https://github.com/advisories/GHSA-cg99-m88x-422c
reference_id GHSA-cg99-m88x-422c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cg99-m88x-422c
fixed_packages
aliases CVE-2025-43736, GHSA-cg99-m88x-422c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-beqe-x5p8-23b9
15
url VCID-c2hc-pbr7-2yhz
vulnerability_id VCID-c2hc-pbr7-2yhz
summary A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows a remote authenticated user to inject JavaScript in message board threads and categories.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43731
reference_id
reference_type
scores
0
value 0.00048
scoring_system epss
scoring_elements 0.15501
published_at 2026-06-12T12:55:00Z
1
value 0.00048
scoring_system epss
scoring_elements 0.15365
published_at 2026-06-11T12:55:00Z
2
value 0.00048
scoring_system epss
scoring_elements 0.15509
published_at 2026-06-13T12:55:00Z
3
value 0.0013
scoring_system epss
scoring_elements 0.32179
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43731
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/41708aa542c103521427ecf06f4b20cb37c65ecf
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/41708aa542c103521427ecf06f4b20cb37c65ecf
3
reference_url https://github.com/liferay/liferay-portal/commit/cd1c692dfed3bbebe10074ecb89c561893fffaf9
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/cd1c692dfed3bbebe10074ecb89c561893fffaf9
4
reference_url https://github.com/liferay/liferay-portal/commit/f23921fc93cf713f27ed9c4d31b8c1854c0e2abb
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/f23921fc93cf713f27ed9c4d31b8c1854c0e2abb
5
reference_url https://liferay.atlassian.net/browse/LPE-18217
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18217
6
reference_url https://liferay.atlassian.net/browse/LPE-18219
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18219
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43731
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43731
8
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43731
reference_id CVE-2025-43731
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-18T18:37:36Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43731
9
reference_url https://github.com/advisories/GHSA-3p2m-574v-v257
reference_id GHSA-3p2m-574v-v257
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3p2m-574v-v257
fixed_packages
aliases CVE-2025-43731, GHSA-3p2m-574v-v257
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c2hc-pbr7-2yhz
16
url VCID-d49a-szjx-jub1
vulnerability_id VCID-d49a-szjx-jub1
summary Open redirect vulnerability in the Countries Management’s edit region page in Liferay Portal 7.4.3.45 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 45 through 92 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_address_web_internal_portlet_CountriesManagementAdminPortlet_redirect parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-5190
reference_id
reference_type
scores
0
value 0.00323
scoring_system epss
scoring_elements 0.55794
published_at 2026-06-11T12:55:00Z
1
value 0.00323
scoring_system epss
scoring_elements 0.55917
published_at 2026-06-14T12:55:00Z
2
value 0.00323
scoring_system epss
scoring_elements 0.55915
published_at 2026-06-12T12:55:00Z
3
value 0.00323
scoring_system epss
scoring_elements 0.5593
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-5190
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/26277c22498eb03bb192bbe9e5d2ee34d213780b
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/26277c22498eb03bb192bbe9e5d2ee34d213780b
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-5190
reference_id cve-2023-5190
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-20T18:29:08Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-5190
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-5190
reference_id CVE-2023-5190
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-5190
5
reference_url https://github.com/advisories/GHSA-f3rf-cr7f-cwc4
reference_id GHSA-f3rf-cr7f-cwc4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f3rf-cr7f-cwc4
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.102-ga102
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.102-ga102
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.102-ga102
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.103
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.103
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-4m1t-nd28-43b2
2
vulnerability VCID-55fq-h94e-kuep
3
vulnerability VCID-5rce-t9wm-4ycx
4
vulnerability VCID-5ytw-d875-3yfe
5
vulnerability VCID-69x9-5buz-1yht
6
vulnerability VCID-6f8z-s1fz-57b2
7
vulnerability VCID-6jsv-kw7h-9yeu
8
vulnerability VCID-73u9-6qzv-t7f7
9
vulnerability VCID-7bjy-2h8a-ukbe
10
vulnerability VCID-9seq-71yb-tfcf
11
vulnerability VCID-beqe-x5p8-23b9
12
vulnerability VCID-c2hc-pbr7-2yhz
13
vulnerability VCID-d9qm-h8q2-sfda
14
vulnerability VCID-dztj-3hzz-3bcg
15
vulnerability VCID-eb9n-cwf1-fbga
16
vulnerability VCID-ep8t-7k2h-2kdp
17
vulnerability VCID-epds-vwku-cyed
18
vulnerability VCID-evtz-a8xn-e7b6
19
vulnerability VCID-f6z5-3pp9-7qey
20
vulnerability VCID-gfwc-qjpr-6fgf
21
vulnerability VCID-hthn-qn9g-u3dv
22
vulnerability VCID-j2r3-g95d-hued
23
vulnerability VCID-k7dn-nb9d-ckdk
24
vulnerability VCID-kke1-d8nw-tyhj
25
vulnerability VCID-mmy3-eycu-q7bu
26
vulnerability VCID-p1dw-dttz-x7ee
27
vulnerability VCID-p3dp-ku5j-yke9
28
vulnerability VCID-ph25-5qgg-zfer
29
vulnerability VCID-qxsh-hm7q-5ban
30
vulnerability VCID-rcmj-djgg-bqf7
31
vulnerability VCID-tgj6-8vhq-23ae
32
vulnerability VCID-tkws-gscx-pff6
33
vulnerability VCID-twb2-9ane-tfdw
34
vulnerability VCID-u5rg-89bb-wbfy
35
vulnerability VCID-u9gz-jcnn-syby
36
vulnerability VCID-vcth-rrmy-5qej
37
vulnerability VCID-w2a5-j7ew-mbet
38
vulnerability VCID-w71u-16bg-nke4
39
vulnerability VCID-whty-vwsm-t7gt
40
vulnerability VCID-xftu-6k5q-7ub6
41
vulnerability VCID-xvs7-58y1-3ybj
42
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.103
aliases CVE-2023-5190, GHSA-f3rf-cr7f-cwc4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d49a-szjx-jub1
17
url VCID-d9qm-h8q2-sfda
vulnerability_id VCID-d9qm-h8q2-sfda
summary Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated users (guests) to access via URL files uploaded in the form and stored in document_library
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43749
reference_id
reference_type
scores
0
value 0.00141
scoring_system epss
scoring_elements 0.342
published_at 2026-06-14T12:55:00Z
1
value 0.00141
scoring_system epss
scoring_elements 0.3402
published_at 2026-06-11T12:55:00Z
2
value 0.00141
scoring_system epss
scoring_elements 0.34221
published_at 2026-06-13T12:55:00Z
3
value 0.00141
scoring_system epss
scoring_elements 0.34197
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43749
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/5919534a979a97444172f49705b7a224e372e625
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5919534a979a97444172f49705b7a224e372e625
3
reference_url https://github.com/liferay/liferay-portal/commit/b88e7e0912d27cc166fc788b642616ece9e8c484
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/b88e7e0912d27cc166fc788b642616ece9e8c484
4
reference_url https://liferay.atlassian.net/browse/LPE-18176
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18176
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43749
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43749
6
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43749
reference_id CVE-2025-43749
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-20T15:12:36Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43749
7
reference_url https://github.com/advisories/GHSA-5fx5-cff6-f3fp
reference_id GHSA-5fx5-cff6-f3fp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5fx5-cff6-f3fp
fixed_packages
aliases CVE-2025-43749, GHSA-5fx5-cff6-f3fp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d9qm-h8q2-sfda
18
url VCID-deaj-uts6-aqb5
vulnerability_id VCID-deaj-uts6-aqb5
summary Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_key parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42498
reference_id
reference_type
scores
0
value 0.0044
scoring_system epss
scoring_elements 0.63626
published_at 2026-06-11T12:55:00Z
1
value 0.0044
scoring_system epss
scoring_elements 0.63739
published_at 2026-06-14T12:55:00Z
2
value 0.0044
scoring_system epss
scoring_elements 0.63728
published_at 2026-06-12T12:55:00Z
3
value 0.0044
scoring_system epss
scoring_elements 0.63742
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42498
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42498
reference_id cve-2023-42498
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-26T17:54:30Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42498
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42498
reference_id CVE-2023-42498
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42498
4
reference_url https://github.com/advisories/GHSA-73x3-8mrg-5r93
reference_id GHSA-73x3-8mrg-5r93
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-73x3-8mrg-5r93
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-4m1t-nd28-43b2
2
vulnerability VCID-55fq-h94e-kuep
3
vulnerability VCID-5rce-t9wm-4ycx
4
vulnerability VCID-5ytw-d875-3yfe
5
vulnerability VCID-69x9-5buz-1yht
6
vulnerability VCID-6f8z-s1fz-57b2
7
vulnerability VCID-6jsv-kw7h-9yeu
8
vulnerability VCID-73u9-6qzv-t7f7
9
vulnerability VCID-7bjy-2h8a-ukbe
10
vulnerability VCID-99sz-6eag-3kff
11
vulnerability VCID-9seq-71yb-tfcf
12
vulnerability VCID-beqe-x5p8-23b9
13
vulnerability VCID-c2hc-pbr7-2yhz
14
vulnerability VCID-d49a-szjx-jub1
15
vulnerability VCID-d9qm-h8q2-sfda
16
vulnerability VCID-dztj-3hzz-3bcg
17
vulnerability VCID-eb9n-cwf1-fbga
18
vulnerability VCID-ep8t-7k2h-2kdp
19
vulnerability VCID-epds-vwku-cyed
20
vulnerability VCID-evtz-a8xn-e7b6
21
vulnerability VCID-ext6-8u2c-xufv
22
vulnerability VCID-f6z5-3pp9-7qey
23
vulnerability VCID-gfwc-qjpr-6fgf
24
vulnerability VCID-hqwn-t5mr-13ab
25
vulnerability VCID-hthn-qn9g-u3dv
26
vulnerability VCID-j2r3-g95d-hued
27
vulnerability VCID-k7dn-nb9d-ckdk
28
vulnerability VCID-kke1-d8nw-tyhj
29
vulnerability VCID-mmy3-eycu-q7bu
30
vulnerability VCID-p1dw-dttz-x7ee
31
vulnerability VCID-p3dp-ku5j-yke9
32
vulnerability VCID-ph25-5qgg-zfer
33
vulnerability VCID-qxsh-hm7q-5ban
34
vulnerability VCID-rcmj-djgg-bqf7
35
vulnerability VCID-tgj6-8vhq-23ae
36
vulnerability VCID-tkws-gscx-pff6
37
vulnerability VCID-twb2-9ane-tfdw
38
vulnerability VCID-twyc-srx8-fudj
39
vulnerability VCID-u5rg-89bb-wbfy
40
vulnerability VCID-u9gz-jcnn-syby
41
vulnerability VCID-vcth-rrmy-5qej
42
vulnerability VCID-w2a5-j7ew-mbet
43
vulnerability VCID-w71u-16bg-nke4
44
vulnerability VCID-whty-vwsm-t7gt
45
vulnerability VCID-xftu-6k5q-7ub6
46
vulnerability VCID-xvs7-58y1-3ybj
47
vulnerability VCID-y38f-84j9-fygf
48
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
aliases CVE-2023-42498, GHSA-73x3-8mrg-5r93
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-deaj-uts6-aqb5
19
url VCID-dztj-3hzz-3bcg
vulnerability_id VCID-dztj-3hzz-3bcg
summary Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.15 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 15 through update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Terms and Condition's Name text field to (1) Payment Terms, or (2) the Delivery Term on the view order page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43822
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.093
published_at 2026-06-11T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10231
published_at 2026-06-14T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10239
published_at 2026-06-12T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10245
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43822
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43822
reference_id CVE-2025-43822
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-08T14:34:11Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43822
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43822
reference_id CVE-2025-43822
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43822
4
reference_url https://github.com/advisories/GHSA-4mqx-4p8g-995w
reference_id GHSA-4mqx-4p8g-995w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4mqx-4p8g-995w
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-5ytw-d875-3yfe
3
vulnerability VCID-73u9-6qzv-t7f7
4
vulnerability VCID-7bjy-2h8a-ukbe
5
vulnerability VCID-9seq-71yb-tfcf
6
vulnerability VCID-beqe-x5p8-23b9
7
vulnerability VCID-c2hc-pbr7-2yhz
8
vulnerability VCID-d9qm-h8q2-sfda
9
vulnerability VCID-ep8t-7k2h-2kdp
10
vulnerability VCID-epds-vwku-cyed
11
vulnerability VCID-f6z5-3pp9-7qey
12
vulnerability VCID-hthn-qn9g-u3dv
13
vulnerability VCID-kke1-d8nw-tyhj
14
vulnerability VCID-mmy3-eycu-q7bu
15
vulnerability VCID-ph25-5qgg-zfer
16
vulnerability VCID-rcmj-djgg-bqf7
17
vulnerability VCID-tgj6-8vhq-23ae
18
vulnerability VCID-vcth-rrmy-5qej
19
vulnerability VCID-w2a5-j7ew-mbet
20
vulnerability VCID-w71u-16bg-nke4
21
vulnerability VCID-whty-vwsm-t7gt
22
vulnerability VCID-xftu-6k5q-7ub6
23
vulnerability VCID-xvs7-58y1-3ybj
24
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
aliases CVE-2025-43822, GHSA-4mqx-4p8g-995w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dztj-3hzz-3bcg
20
url VCID-eb9n-cwf1-fbga
vulnerability_id VCID-eb9n-cwf1-fbga
summary Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to access arbitrary CSS and JSS files and load the files multiple times via the query string in a URL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43813
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.4206
published_at 2026-06-13T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.42049
published_at 2026-06-14T12:55:00Z
2
value 0.00198
scoring_system epss
scoring_elements 0.41877
published_at 2026-06-11T12:55:00Z
3
value 0.00198
scoring_system epss
scoring_elements 0.42041
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43813
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/7acad68976e831a0f3b855752ad7874e03be1d43
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/7acad68976e831a0f3b855752ad7874e03be1d43
3
reference_url https://github.com/liferay/liferay-portal/commit/9159075ede8a1656bf67a893a486c93a9e9fe70a
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9159075ede8a1656bf67a893a486c93a9e9fe70a
4
reference_url https://github.com/liferay/liferay-portal/commit/9be57d358ae0f6181a138ce08f52b80e4b14778a
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9be57d358ae0f6181a138ce08f52b80e4b14778a
5
reference_url https://liferay.atlassian.net/browse/LPE-17865
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17865
6
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43813
reference_id CVE-2025-43813
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-09-30T14:45:14Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43813
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43813
reference_id CVE-2025-43813
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43813
8
reference_url https://github.com/advisories/GHSA-2hm7-r8f3-423h
reference_id GHSA-2hm7-r8f3-423h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2hm7-r8f3-423h
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.108-ga108
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.108-ga108
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.108-ga108
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-5ytw-d875-3yfe
3
vulnerability VCID-69x9-5buz-1yht
4
vulnerability VCID-6jsv-kw7h-9yeu
5
vulnerability VCID-73u9-6qzv-t7f7
6
vulnerability VCID-7bjy-2h8a-ukbe
7
vulnerability VCID-9seq-71yb-tfcf
8
vulnerability VCID-beqe-x5p8-23b9
9
vulnerability VCID-c2hc-pbr7-2yhz
10
vulnerability VCID-d9qm-h8q2-sfda
11
vulnerability VCID-dztj-3hzz-3bcg
12
vulnerability VCID-ep8t-7k2h-2kdp
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-f6z5-3pp9-7qey
15
vulnerability VCID-gfwc-qjpr-6fgf
16
vulnerability VCID-hthn-qn9g-u3dv
17
vulnerability VCID-j2r3-g95d-hued
18
vulnerability VCID-kke1-d8nw-tyhj
19
vulnerability VCID-mmy3-eycu-q7bu
20
vulnerability VCID-p1dw-dttz-x7ee
21
vulnerability VCID-p3dp-ku5j-yke9
22
vulnerability VCID-ph25-5qgg-zfer
23
vulnerability VCID-qxsh-hm7q-5ban
24
vulnerability VCID-rcmj-djgg-bqf7
25
vulnerability VCID-tgj6-8vhq-23ae
26
vulnerability VCID-u5rg-89bb-wbfy
27
vulnerability VCID-vcth-rrmy-5qej
28
vulnerability VCID-w2a5-j7ew-mbet
29
vulnerability VCID-w71u-16bg-nke4
30
vulnerability VCID-whty-vwsm-t7gt
31
vulnerability VCID-xftu-6k5q-7ub6
32
vulnerability VCID-xvs7-58y1-3ybj
33
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
aliases CVE-2025-43813, GHSA-2hm7-r8f3-423h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eb9n-cwf1-fbga
21
url VCID-ep8t-7k2h-2kdp
vulnerability_id VCID-ep8t-7k2h-2kdp
summary Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows any authenticated remote user to view other calendars by allowing them to enumerate the names of other users, giving an attacker the possibility to send phishing to these users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43743
reference_id
reference_type
scores
0
value 0.00081
scoring_system epss
scoring_elements 0.24078
published_at 2026-06-13T12:55:00Z
1
value 0.00081
scoring_system epss
scoring_elements 0.24057
published_at 2026-06-14T12:55:00Z
2
value 0.00081
scoring_system epss
scoring_elements 0.23872
published_at 2026-06-11T12:55:00Z
3
value 0.00081
scoring_system epss
scoring_elements 0.2407
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43743
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/02528147664475cd9f7205cd8bc05dfd43832201
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/02528147664475cd9f7205cd8bc05dfd43832201
3
reference_url https://github.com/liferay/liferay-portal/commit/144e4a276e456c4b7a0831ff038241f82a9181db
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/144e4a276e456c4b7a0831ff038241f82a9181db
4
reference_url https://github.com/liferay/liferay-portal/commit/1513ed29f830c9119ee6be623ae783e545da4845
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/1513ed29f830c9119ee6be623ae783e545da4845
5
reference_url https://github.com/liferay/liferay-portal/commit/1e368205c710403e76749e38127419780acdda9d
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/1e368205c710403e76749e38127419780acdda9d
6
reference_url https://github.com/liferay/liferay-portal/commit/7d6e1bccb62a41e944e0459d2c4b1eb9fdb31b8e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/7d6e1bccb62a41e944e0459d2c4b1eb9fdb31b8e
7
reference_url https://github.com/liferay/liferay-portal/commit/9a88f7fa98f9fc11a9eab444a256204cccc82b77
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9a88f7fa98f9fc11a9eab444a256204cccc82b77
8
reference_url https://github.com/liferay/liferay-portal/commit/9aba859a6956786bcd8ce434ef063eed01b5ec6e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9aba859a6956786bcd8ce434ef063eed01b5ec6e
9
reference_url https://github.com/liferay/liferay-portal/commit/bd89933cc9022a98fc34b562ce3573a58f14cf38
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/bd89933cc9022a98fc34b562ce3573a58f14cf38
10
reference_url https://github.com/liferay/liferay-portal/commit/d999a8e1902e88fdd7a26758f137925d969a639d
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/d999a8e1902e88fdd7a26758f137925d969a639d
11
reference_url https://liferay.atlassian.net/browse/LPE-18206
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18206
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43743
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43743
13
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43743
reference_id CVE-2025-43743
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-19T19:28:02Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43743
14
reference_url https://github.com/advisories/GHSA-g4vp-4gqr-7v8c
reference_id GHSA-g4vp-4gqr-7v8c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g4vp-4gqr-7v8c
fixed_packages
aliases CVE-2025-43743, GHSA-g4vp-4gqr-7v8c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ep8t-7k2h-2kdp
22
url VCID-epds-vwku-cyed
vulnerability_id VCID-epds-vwku-cyed
summary A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, 7.3 GA through update 36, and 7.2 GA through fix pack 20 allows remote authenticated attackers to inject malicious JavaScript into a page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3760
reference_id
reference_type
scores
0
value 0.00157
scoring_system epss
scoring_elements 0.36505
published_at 2026-06-13T12:55:00Z
1
value 0.00157
scoring_system epss
scoring_elements 0.36493
published_at 2026-06-14T12:55:00Z
2
value 0.00157
scoring_system epss
scoring_elements 0.36299
published_at 2026-06-11T12:55:00Z
3
value 0.00157
scoring_system epss
scoring_elements 0.3648
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3760
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3760
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3760
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3760
reference_id CVE-2025-3760
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-17T13:22:03Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3760
4
reference_url https://github.com/advisories/GHSA-qhp6-vp7c-g7xp
reference_id GHSA-qhp6-vp7c-g7xp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qhp6-vp7c-g7xp
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-73u9-6qzv-t7f7
3
vulnerability VCID-beqe-x5p8-23b9
4
vulnerability VCID-c2hc-pbr7-2yhz
5
vulnerability VCID-d9qm-h8q2-sfda
6
vulnerability VCID-ep8t-7k2h-2kdp
7
vulnerability VCID-f6z5-3pp9-7qey
8
vulnerability VCID-jpgh-rqqn-x7ge
9
vulnerability VCID-kke1-d8nw-tyhj
10
vulnerability VCID-mmy3-eycu-q7bu
11
vulnerability VCID-ph25-5qgg-zfer
12
vulnerability VCID-rcmj-djgg-bqf7
13
vulnerability VCID-vcth-rrmy-5qej
14
vulnerability VCID-w2a5-j7ew-mbet
15
vulnerability VCID-xftu-6k5q-7ub6
16
vulnerability VCID-xvs7-58y1-3ybj
17
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132
aliases CVE-2025-3760, GHSA-qhp6-vp7c-g7xp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-epds-vwku-cyed
23
url VCID-evtz-a8xn-e7b6
vulnerability_id VCID-evtz-a8xn-e7b6
summary Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 update 29 through update 35 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, and (4) perform other administrative actions via the _com_liferay_commerce_catalog_web_internal_portlet_CommerceCatalogsPortlet_redirect parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26273
reference_id
reference_type
scores
0
value 0.02193
scoring_system epss
scoring_elements 0.8481
published_at 2026-06-12T12:55:00Z
1
value 0.02193
scoring_system epss
scoring_elements 0.84811
published_at 2026-06-14T12:55:00Z
2
value 0.02193
scoring_system epss
scoring_elements 0.84758
published_at 2026-06-11T12:55:00Z
3
value 0.02193
scoring_system epss
scoring_elements 0.84819
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26273
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26273
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26273
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-26273
reference_id CVE-2024-26273
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:18:21Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-26273
4
reference_url https://github.com/advisories/GHSA-hmrx-6pr5-hpwj
reference_id GHSA-hmrx-6pr5-hpwj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hmrx-6pr5-hpwj
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.104
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.104
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-4m1t-nd28-43b2
2
vulnerability VCID-55fq-h94e-kuep
3
vulnerability VCID-5rce-t9wm-4ycx
4
vulnerability VCID-5ytw-d875-3yfe
5
vulnerability VCID-69x9-5buz-1yht
6
vulnerability VCID-6f8z-s1fz-57b2
7
vulnerability VCID-6jsv-kw7h-9yeu
8
vulnerability VCID-73u9-6qzv-t7f7
9
vulnerability VCID-7bjy-2h8a-ukbe
10
vulnerability VCID-9seq-71yb-tfcf
11
vulnerability VCID-beqe-x5p8-23b9
12
vulnerability VCID-c2hc-pbr7-2yhz
13
vulnerability VCID-d9qm-h8q2-sfda
14
vulnerability VCID-dztj-3hzz-3bcg
15
vulnerability VCID-eb9n-cwf1-fbga
16
vulnerability VCID-ep8t-7k2h-2kdp
17
vulnerability VCID-epds-vwku-cyed
18
vulnerability VCID-f6z5-3pp9-7qey
19
vulnerability VCID-gfwc-qjpr-6fgf
20
vulnerability VCID-hthn-qn9g-u3dv
21
vulnerability VCID-j2r3-g95d-hued
22
vulnerability VCID-k7dn-nb9d-ckdk
23
vulnerability VCID-kke1-d8nw-tyhj
24
vulnerability VCID-mmy3-eycu-q7bu
25
vulnerability VCID-p1dw-dttz-x7ee
26
vulnerability VCID-p3dp-ku5j-yke9
27
vulnerability VCID-ph25-5qgg-zfer
28
vulnerability VCID-qxsh-hm7q-5ban
29
vulnerability VCID-rcmj-djgg-bqf7
30
vulnerability VCID-tgj6-8vhq-23ae
31
vulnerability VCID-tkws-gscx-pff6
32
vulnerability VCID-twb2-9ane-tfdw
33
vulnerability VCID-u5rg-89bb-wbfy
34
vulnerability VCID-u9gz-jcnn-syby
35
vulnerability VCID-vcth-rrmy-5qej
36
vulnerability VCID-w2a5-j7ew-mbet
37
vulnerability VCID-w71u-16bg-nke4
38
vulnerability VCID-whty-vwsm-t7gt
39
vulnerability VCID-xftu-6k5q-7ub6
40
vulnerability VCID-xvs7-58y1-3ybj
41
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.104
aliases CVE-2024-26273, GHSA-hmrx-6pr5-hpwj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-evtz-a8xn-e7b6
24
url VCID-ext6-8u2c-xufv
vulnerability_id VCID-ext6-8u2c-xufv
summary Liferay Portal 7.4.0 through 7.4.3.99, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 34, and older unsupported versions stores password reset tokens in plain text, which allows attackers with access to the database to obtain the token, reset a user’s password and take over the user’s account.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62261
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07679
published_at 2026-06-12T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.07665
published_at 2026-06-14T12:55:00Z
2
value 0.00025
scoring_system epss
scoring_elements 0.07643
published_at 2026-06-11T12:55:00Z
3
value 0.00025
scoring_system epss
scoring_elements 0.07673
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62261
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/b228c7878f2ed5ad8dbc1ff7ec9b5e6d53bb4b5c
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/b228c7878f2ed5ad8dbc1ff7ec9b5e6d53bb4b5c
3
reference_url https://liferay.atlassian.net/browse/LPE-17785
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17785
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62261
reference_id CVE-2025-62261
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T14:27:39Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62261
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62261
reference_id CVE-2025-62261
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62261
6
reference_url https://github.com/advisories/GHSA-xcj6-xpjg-c4xr
reference_id GHSA-xcj6-xpjg-c4xr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xcj6-xpjg-c4xr
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.100
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.100
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-4m1t-nd28-43b2
2
vulnerability VCID-55fq-h94e-kuep
3
vulnerability VCID-5rce-t9wm-4ycx
4
vulnerability VCID-5ytw-d875-3yfe
5
vulnerability VCID-69x9-5buz-1yht
6
vulnerability VCID-6f8z-s1fz-57b2
7
vulnerability VCID-6jsv-kw7h-9yeu
8
vulnerability VCID-73u9-6qzv-t7f7
9
vulnerability VCID-7bjy-2h8a-ukbe
10
vulnerability VCID-99sz-6eag-3kff
11
vulnerability VCID-9seq-71yb-tfcf
12
vulnerability VCID-beqe-x5p8-23b9
13
vulnerability VCID-c2hc-pbr7-2yhz
14
vulnerability VCID-d49a-szjx-jub1
15
vulnerability VCID-d9qm-h8q2-sfda
16
vulnerability VCID-dztj-3hzz-3bcg
17
vulnerability VCID-eb9n-cwf1-fbga
18
vulnerability VCID-ep8t-7k2h-2kdp
19
vulnerability VCID-epds-vwku-cyed
20
vulnerability VCID-evtz-a8xn-e7b6
21
vulnerability VCID-f6z5-3pp9-7qey
22
vulnerability VCID-gfwc-qjpr-6fgf
23
vulnerability VCID-hthn-qn9g-u3dv
24
vulnerability VCID-j2r3-g95d-hued
25
vulnerability VCID-k7dn-nb9d-ckdk
26
vulnerability VCID-kke1-d8nw-tyhj
27
vulnerability VCID-mmy3-eycu-q7bu
28
vulnerability VCID-p1dw-dttz-x7ee
29
vulnerability VCID-p3dp-ku5j-yke9
30
vulnerability VCID-ph25-5qgg-zfer
31
vulnerability VCID-qxsh-hm7q-5ban
32
vulnerability VCID-rcmj-djgg-bqf7
33
vulnerability VCID-tgj6-8vhq-23ae
34
vulnerability VCID-tkws-gscx-pff6
35
vulnerability VCID-twb2-9ane-tfdw
36
vulnerability VCID-u5rg-89bb-wbfy
37
vulnerability VCID-u9gz-jcnn-syby
38
vulnerability VCID-vcth-rrmy-5qej
39
vulnerability VCID-w2a5-j7ew-mbet
40
vulnerability VCID-w71u-16bg-nke4
41
vulnerability VCID-whty-vwsm-t7gt
42
vulnerability VCID-xftu-6k5q-7ub6
43
vulnerability VCID-xvs7-58y1-3ybj
44
vulnerability VCID-y38f-84j9-fygf
45
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.100
aliases CVE-2025-62261, GHSA-xcj6-xpjg-c4xr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ext6-8u2c-xufv
25
url VCID-f6z5-3pp9-7qey
vulnerability_id VCID-f6z5-3pp9-7qey
summary A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via the _com_liferay_dynamic_data_mapping_web_portlet_DDMPortlet_definition parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43757
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12792
published_at 2026-06-13T12:55:00Z
1
value 0.00041
scoring_system epss
scoring_elements 0.12773
published_at 2026-06-14T12:55:00Z
2
value 0.00041
scoring_system epss
scoring_elements 0.12693
published_at 2026-06-11T12:55:00Z
3
value 0.00041
scoring_system epss
scoring_elements 0.12783
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43757
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/0114bb60238e5ac74b90fba37fa9748c4e6c114a
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/0114bb60238e5ac74b90fba37fa9748c4e6c114a
3
reference_url https://github.com/liferay/liferay-portal/commit/0837982b91c5f9e837ec11a93f7e0986e00738fa
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/0837982b91c5f9e837ec11a93f7e0986e00738fa
4
reference_url https://github.com/liferay/liferay-portal/commit/45492d30bad4084f36e87ef11c29a5bf5fb4046d
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/45492d30bad4084f36e87ef11c29a5bf5fb4046d
5
reference_url https://github.com/liferay/liferay-portal/commit/90396a201d05be5840f99f7487578aab253dfa87
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/90396a201d05be5840f99f7487578aab253dfa87
6
reference_url https://github.com/liferay/liferay-portal/commit/9e0026c8aa444937a2bfd079bcca35ab3dd18f5a
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9e0026c8aa444937a2bfd079bcca35ab3dd18f5a
7
reference_url https://github.com/liferay/liferay-portal/commit/cc46176ba4142f470d540f2343b36f12a678a240
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/cc46176ba4142f470d540f2343b36f12a678a240
8
reference_url https://github.com/liferay/liferay-portal/commit/d001c5ba8a1477755d7d83b8a00aba23036b045b
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/d001c5ba8a1477755d7d83b8a00aba23036b045b
9
reference_url https://github.com/liferay/liferay-portal/commit/e83d102bf00af3aa4396c1fc5a1d6b3842ccaeb1
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/e83d102bf00af3aa4396c1fc5a1d6b3842ccaeb1
10
reference_url https://liferay.atlassian.net/browse/LPE-18259
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18259
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43757
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43757
12
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43757
reference_id CVE-2025-43757
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-20T20:00:20Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43757
13
reference_url https://github.com/advisories/GHSA-62pf-hcwj-rcfc
reference_id GHSA-62pf-hcwj-rcfc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-62pf-hcwj-rcfc
fixed_packages
aliases CVE-2025-43757, GHSA-62pf-hcwj-rcfc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f6z5-3pp9-7qey
26
url VCID-gfwc-qjpr-6fgf
vulnerability_id VCID-gfwc-qjpr-6fgf
summary
Cross-site scripting (XSS) vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted <iframe> injected into a blog entry's “Content” text field.

The Blogs widget in Liferay DXP does not add the sandbox attribute to <iframe> elements, which allows remote attackers to access the parent page via scripts and links in the frame page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62265
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.093
published_at 2026-06-11T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.09338
published_at 2026-06-14T12:55:00Z
2
value 0.00031
scoring_system epss
scoring_elements 0.09352
published_at 2026-06-12T12:55:00Z
3
value 0.00031
scoring_system epss
scoring_elements 0.09349
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62265
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62265
reference_id CVE-2025-62265
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-30T19:04:40Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62265
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62265
reference_id CVE-2025-62265
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62265
4
reference_url https://github.com/advisories/GHSA-56jv-4ww3-65mw
reference_id GHSA-56jv-4ww3-65mw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-56jv-4ww3-65mw
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-5ytw-d875-3yfe
3
vulnerability VCID-73u9-6qzv-t7f7
4
vulnerability VCID-7bjy-2h8a-ukbe
5
vulnerability VCID-9seq-71yb-tfcf
6
vulnerability VCID-beqe-x5p8-23b9
7
vulnerability VCID-c2hc-pbr7-2yhz
8
vulnerability VCID-d9qm-h8q2-sfda
9
vulnerability VCID-ep8t-7k2h-2kdp
10
vulnerability VCID-epds-vwku-cyed
11
vulnerability VCID-f6z5-3pp9-7qey
12
vulnerability VCID-hthn-qn9g-u3dv
13
vulnerability VCID-kke1-d8nw-tyhj
14
vulnerability VCID-mmy3-eycu-q7bu
15
vulnerability VCID-ph25-5qgg-zfer
16
vulnerability VCID-rcmj-djgg-bqf7
17
vulnerability VCID-tgj6-8vhq-23ae
18
vulnerability VCID-vcth-rrmy-5qej
19
vulnerability VCID-w2a5-j7ew-mbet
20
vulnerability VCID-w71u-16bg-nke4
21
vulnerability VCID-whty-vwsm-t7gt
22
vulnerability VCID-xftu-6k5q-7ub6
23
vulnerability VCID-xvs7-58y1-3ybj
24
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
aliases CVE-2025-62265, GHSA-56jv-4ww3-65mw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gfwc-qjpr-6fgf
27
url VCID-hqwn-t5mr-13ab
vulnerability_id VCID-hqwn-t5mr-13ab
summary Liferay Portal 7.4.0 through 7.4.3.99, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number of objects returned from Headless API requests, which allows remote attackers to perform denial-of-service (DoS) attacks on the application by executing a request that returns a large number of objects.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62260
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.37906
published_at 2026-06-11T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.38096
published_at 2026-06-14T12:55:00Z
2
value 0.00169
scoring_system epss
scoring_elements 0.38082
published_at 2026-06-12T12:55:00Z
3
value 0.00169
scoring_system epss
scoring_elements 0.38108
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62260
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/5f5c73913b0e7287f7de0b4e19987cc57844b691
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5f5c73913b0e7287f7de0b4e19987cc57844b691
3
reference_url https://liferay.atlassian.net/browse/LPE-17800
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17800
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62260
reference_id CVE-2025-62260
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-28T15:01:15Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62260
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62260
reference_id CVE-2025-62260
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62260
6
reference_url https://github.com/advisories/GHSA-vgqx-447m-wvcj
reference_id GHSA-vgqx-447m-wvcj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vgqx-447m-wvcj
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.100
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.100
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-4m1t-nd28-43b2
2
vulnerability VCID-55fq-h94e-kuep
3
vulnerability VCID-5rce-t9wm-4ycx
4
vulnerability VCID-5ytw-d875-3yfe
5
vulnerability VCID-69x9-5buz-1yht
6
vulnerability VCID-6f8z-s1fz-57b2
7
vulnerability VCID-6jsv-kw7h-9yeu
8
vulnerability VCID-73u9-6qzv-t7f7
9
vulnerability VCID-7bjy-2h8a-ukbe
10
vulnerability VCID-99sz-6eag-3kff
11
vulnerability VCID-9seq-71yb-tfcf
12
vulnerability VCID-beqe-x5p8-23b9
13
vulnerability VCID-c2hc-pbr7-2yhz
14
vulnerability VCID-d49a-szjx-jub1
15
vulnerability VCID-d9qm-h8q2-sfda
16
vulnerability VCID-dztj-3hzz-3bcg
17
vulnerability VCID-eb9n-cwf1-fbga
18
vulnerability VCID-ep8t-7k2h-2kdp
19
vulnerability VCID-epds-vwku-cyed
20
vulnerability VCID-evtz-a8xn-e7b6
21
vulnerability VCID-f6z5-3pp9-7qey
22
vulnerability VCID-gfwc-qjpr-6fgf
23
vulnerability VCID-hthn-qn9g-u3dv
24
vulnerability VCID-j2r3-g95d-hued
25
vulnerability VCID-k7dn-nb9d-ckdk
26
vulnerability VCID-kke1-d8nw-tyhj
27
vulnerability VCID-mmy3-eycu-q7bu
28
vulnerability VCID-p1dw-dttz-x7ee
29
vulnerability VCID-p3dp-ku5j-yke9
30
vulnerability VCID-ph25-5qgg-zfer
31
vulnerability VCID-qxsh-hm7q-5ban
32
vulnerability VCID-rcmj-djgg-bqf7
33
vulnerability VCID-tgj6-8vhq-23ae
34
vulnerability VCID-tkws-gscx-pff6
35
vulnerability VCID-twb2-9ane-tfdw
36
vulnerability VCID-u5rg-89bb-wbfy
37
vulnerability VCID-u9gz-jcnn-syby
38
vulnerability VCID-vcth-rrmy-5qej
39
vulnerability VCID-w2a5-j7ew-mbet
40
vulnerability VCID-w71u-16bg-nke4
41
vulnerability VCID-whty-vwsm-t7gt
42
vulnerability VCID-xftu-6k5q-7ub6
43
vulnerability VCID-xvs7-58y1-3ybj
44
vulnerability VCID-y38f-84j9-fygf
45
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.100
aliases CVE-2025-62260, GHSA-vgqx-447m-wvcj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hqwn-t5mr-13ab
28
url VCID-hthn-qn9g-u3dv
vulnerability_id VCID-hthn-qn9g-u3dv
summary A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows a remote non-authenticated attacker to inject JavaScript into the google_gadget.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43735
reference_id
reference_type
scores
0
value 0.00208
scoring_system epss
scoring_elements 0.43428
published_at 2026-06-14T12:55:00Z
1
value 0.00208
scoring_system epss
scoring_elements 0.43261
published_at 2026-06-11T12:55:00Z
2
value 0.00208
scoring_system epss
scoring_elements 0.43437
published_at 2026-06-13T12:55:00Z
3
value 0.00208
scoring_system epss
scoring_elements 0.43418
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43735
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/64d19e457ffc9876fd159a907741618843d7aadb
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/64d19e457ffc9876fd159a907741618843d7aadb
3
reference_url https://liferay.atlassian.net/browse/LPE-18158
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18158
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43735
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43735
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43735
reference_id CVE-2025-43735
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-12T13:31:05Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43735
6
reference_url https://github.com/advisories/GHSA-222w-xmc5-jhp3
reference_id GHSA-222w-xmc5-jhp3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-222w-xmc5-jhp3
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-73u9-6qzv-t7f7
3
vulnerability VCID-beqe-x5p8-23b9
4
vulnerability VCID-c2hc-pbr7-2yhz
5
vulnerability VCID-d9qm-h8q2-sfda
6
vulnerability VCID-ep8t-7k2h-2kdp
7
vulnerability VCID-f6z5-3pp9-7qey
8
vulnerability VCID-jpgh-rqqn-x7ge
9
vulnerability VCID-kke1-d8nw-tyhj
10
vulnerability VCID-mmy3-eycu-q7bu
11
vulnerability VCID-ph25-5qgg-zfer
12
vulnerability VCID-rcmj-djgg-bqf7
13
vulnerability VCID-vcth-rrmy-5qej
14
vulnerability VCID-w2a5-j7ew-mbet
15
vulnerability VCID-xftu-6k5q-7ub6
16
vulnerability VCID-xvs7-58y1-3ybj
17
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.132
aliases CVE-2025-43735, GHSA-222w-xmc5-jhp3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hthn-qn9g-u3dv
29
url VCID-j2r3-g95d-hued
vulnerability_id VCID-j2r3-g95d-hued
summary Cross-site scripting (XSS) vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a web content structure's Name text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43812
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10239
published_at 2026-06-12T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10231
published_at 2026-06-14T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10191
published_at 2026-06-11T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10245
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43812
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/7466c9ba0126a4a93c85913cbec9b11c687deb36
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/7466c9ba0126a4a93c85913cbec9b11c687deb36
3
reference_url https://liferay.atlassian.net/browse/LPE-17942
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17942
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43812
reference_id CVE-2025-43812
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T14:45:45Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43812
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43812
reference_id CVE-2025-43812
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43812
6
reference_url https://github.com/advisories/GHSA-jv8x-mm3v-75r7
reference_id GHSA-jv8x-mm3v-75r7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jv8x-mm3v-75r7
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-5ytw-d875-3yfe
3
vulnerability VCID-73u9-6qzv-t7f7
4
vulnerability VCID-7bjy-2h8a-ukbe
5
vulnerability VCID-9seq-71yb-tfcf
6
vulnerability VCID-beqe-x5p8-23b9
7
vulnerability VCID-c2hc-pbr7-2yhz
8
vulnerability VCID-d9qm-h8q2-sfda
9
vulnerability VCID-ep8t-7k2h-2kdp
10
vulnerability VCID-epds-vwku-cyed
11
vulnerability VCID-f6z5-3pp9-7qey
12
vulnerability VCID-hthn-qn9g-u3dv
13
vulnerability VCID-kke1-d8nw-tyhj
14
vulnerability VCID-mmy3-eycu-q7bu
15
vulnerability VCID-ph25-5qgg-zfer
16
vulnerability VCID-rcmj-djgg-bqf7
17
vulnerability VCID-tgj6-8vhq-23ae
18
vulnerability VCID-vcth-rrmy-5qej
19
vulnerability VCID-w2a5-j7ew-mbet
20
vulnerability VCID-w71u-16bg-nke4
21
vulnerability VCID-whty-vwsm-t7gt
22
vulnerability VCID-xftu-6k5q-7ub6
23
vulnerability VCID-xvs7-58y1-3ybj
24
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
aliases CVE-2025-43812, GHSA-jv8x-mm3v-75r7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j2r3-g95d-hued
30
url VCID-kke1-d8nw-tyhj
vulnerability_id VCID-kke1-d8nw-tyhj
summary Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36 allows unauthenticated users with valid credentials to bypass the login process by changing the POST method to GET, once the site has MFA enabled.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-3639
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13877
published_at 2026-06-13T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.13763
published_at 2026-06-11T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.13879
published_at 2026-06-12T12:55:00Z
3
value 0.00088
scoring_system epss
scoring_elements 0.25289
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-3639
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/383a4001cfdf533eb077ed6f03bc5f8fed27cf05
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/383a4001cfdf533eb077ed6f03bc5f8fed27cf05
3
reference_url https://github.com/liferay/liferay-portal/commit/774c89c853d4b9d9abb61d6e079dab21f582cc78
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/774c89c853d4b9d9abb61d6e079dab21f582cc78
4
reference_url https://github.com/liferay/liferay-portal/commit/7a70daf60416d536a45fe137d54e1054e9394fa7
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/7a70daf60416d536a45fe137d54e1054e9394fa7
5
reference_url https://github.com/liferay/liferay-portal/commit/a0265c3847af01a37d2a9ad1560e4408f2856518
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/a0265c3847af01a37d2a9ad1560e4408f2856518
6
reference_url https://github.com/liferay/liferay-portal/commit/a5081fefaffdd86a9306320c46e91f98973c39cb
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/a5081fefaffdd86a9306320c46e91f98973c39cb
7
reference_url https://github.com/liferay/liferay-portal/commit/d2806ad26cb194d0c7d654f9c447857e05dd44b2
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/d2806ad26cb194d0c7d654f9c447857e05dd44b2
8
reference_url https://github.com/liferay/liferay-portal/commit/e4bb21b85440157b588ebbd217995113362962cc
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/e4bb21b85440157b588ebbd217995113362962cc
9
reference_url https://github.com/liferay/liferay-portal/commit/e67b47a47f3bccc9a85aeee6a40cd0188787aa0f
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/e67b47a47f3bccc9a85aeee6a40cd0188787aa0f
10
reference_url https://github.com/liferay/liferay-portal/commit/eb0457503fdb8ac49c662b690a6a4eb139ee4c67
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/eb0457503fdb8ac49c662b690a6a4eb139ee4c67
11
reference_url https://liferay.atlassian.net/browse/LPE-18212
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18212
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-3639
reference_id
reference_type
scores
0
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-3639
13
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3639
reference_id CVE-2025-3639
reference_type
scores
0
value 2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
1
value 2.0
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-18T19:51:41Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-3639
14
reference_url https://github.com/advisories/GHSA-g4wg-mpfg-x2q6
reference_id GHSA-g4wg-mpfg-x2q6
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g4wg-mpfg-x2q6
fixed_packages
aliases CVE-2025-3639, GHSA-g4wg-mpfg-x2q6
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kke1-d8nw-tyhj
31
url VCID-mmy3-eycu-q7bu
vulnerability_id VCID-mmy3-eycu-q7bu
summary A stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript through Custom Object field label. The malicious payload is stored and executed through Process Builder's Configuration tab without proper escaping.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43776
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.14036
published_at 2026-06-13T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.1401
published_at 2026-06-14T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.13922
published_at 2026-06-11T12:55:00Z
3
value 0.00044
scoring_system epss
scoring_elements 0.14039
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43776
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.atlassian.net/browse/LPE-18277
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18277
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43776
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43776
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43776
reference_id CVE-2025-43776
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T15:04:48Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43776
5
reference_url https://github.com/advisories/GHSA-rcc7-jx7p-hrv4
reference_id GHSA-rcc7-jx7p-hrv4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rcc7-jx7p-hrv4
fixed_packages
aliases CVE-2025-43776, GHSA-rcc7-jx7p-hrv4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mmy3-eycu-q7bu
32
url VCID-p1dw-dttz-x7ee
vulnerability_id VCID-p1dw-dttz-x7ee
summary Cross-site scripting (XSS) vulnerability in the Commerce Search Result widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4 before patch 6, 2023.Q3 before patch 9, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Commerce Product's Name text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43823
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.093
published_at 2026-06-11T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10231
published_at 2026-06-14T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10239
published_at 2026-06-12T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10245
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43823
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43823
reference_id CVE-2025-43823
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-08T13:40:14Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43823
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43823
reference_id CVE-2025-43823
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43823
4
reference_url https://github.com/advisories/GHSA-xx7h-2wf7-hc7p
reference_id GHSA-xx7h-2wf7-hc7p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xx7h-2wf7-hc7p
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-5ytw-d875-3yfe
3
vulnerability VCID-73u9-6qzv-t7f7
4
vulnerability VCID-7bjy-2h8a-ukbe
5
vulnerability VCID-9seq-71yb-tfcf
6
vulnerability VCID-beqe-x5p8-23b9
7
vulnerability VCID-c2hc-pbr7-2yhz
8
vulnerability VCID-d9qm-h8q2-sfda
9
vulnerability VCID-ep8t-7k2h-2kdp
10
vulnerability VCID-epds-vwku-cyed
11
vulnerability VCID-f6z5-3pp9-7qey
12
vulnerability VCID-hthn-qn9g-u3dv
13
vulnerability VCID-kke1-d8nw-tyhj
14
vulnerability VCID-mmy3-eycu-q7bu
15
vulnerability VCID-ph25-5qgg-zfer
16
vulnerability VCID-rcmj-djgg-bqf7
17
vulnerability VCID-tgj6-8vhq-23ae
18
vulnerability VCID-vcth-rrmy-5qej
19
vulnerability VCID-w2a5-j7ew-mbet
20
vulnerability VCID-w71u-16bg-nke4
21
vulnerability VCID-whty-vwsm-t7gt
22
vulnerability VCID-xftu-6k5q-7ub6
23
vulnerability VCID-xvs7-58y1-3ybj
24
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
aliases CVE-2025-43823, GHSA-xx7h-2wf7-hc7p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p1dw-dttz-x7ee
33
url VCID-p3dp-ku5j-yke9
vulnerability_id VCID-p3dp-ku5j-yke9
summary Reflected cross-site scripting (XSS) vulnerability in Language Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_selectedLanguageId` parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-62264
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.09382
published_at 2026-06-11T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.09419
published_at 2026-06-14T12:55:00Z
2
value 0.00031
scoring_system epss
scoring_elements 0.09436
published_at 2026-06-12T12:55:00Z
3
value 0.00031
scoring_system epss
scoring_elements 0.09431
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-62264
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62264
reference_id CVE-2025-62264
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:52:20Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62264
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-62264
reference_id CVE-2025-62264
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-62264
4
reference_url https://github.com/advisories/GHSA-2j97-4jmq-c4xf
reference_id GHSA-2j97-4jmq-c4xf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2j97-4jmq-c4xf
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-5ytw-d875-3yfe
3
vulnerability VCID-73u9-6qzv-t7f7
4
vulnerability VCID-7bjy-2h8a-ukbe
5
vulnerability VCID-9seq-71yb-tfcf
6
vulnerability VCID-beqe-x5p8-23b9
7
vulnerability VCID-c2hc-pbr7-2yhz
8
vulnerability VCID-d9qm-h8q2-sfda
9
vulnerability VCID-ep8t-7k2h-2kdp
10
vulnerability VCID-epds-vwku-cyed
11
vulnerability VCID-f6z5-3pp9-7qey
12
vulnerability VCID-hthn-qn9g-u3dv
13
vulnerability VCID-kke1-d8nw-tyhj
14
vulnerability VCID-mmy3-eycu-q7bu
15
vulnerability VCID-ph25-5qgg-zfer
16
vulnerability VCID-rcmj-djgg-bqf7
17
vulnerability VCID-tgj6-8vhq-23ae
18
vulnerability VCID-vcth-rrmy-5qej
19
vulnerability VCID-w2a5-j7ew-mbet
20
vulnerability VCID-w71u-16bg-nke4
21
vulnerability VCID-whty-vwsm-t7gt
22
vulnerability VCID-xftu-6k5q-7ub6
23
vulnerability VCID-xvs7-58y1-3ybj
24
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
aliases CVE-2025-62264, GHSA-2j97-4jmq-c4xf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p3dp-ku5j-yke9
34
url VCID-pac3-4jrs-pqdg
vulnerability_id VCID-pac3-4jrs-pqdg
summary Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the “Blocked Email Domains” text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-40191
reference_id
reference_type
scores
0
value 0.00458
scoring_system epss
scoring_elements 0.64421
published_at 2026-06-11T12:55:00Z
1
value 0.00458
scoring_system epss
scoring_elements 0.64531
published_at 2026-06-14T12:55:00Z
2
value 0.00458
scoring_system epss
scoring_elements 0.64523
published_at 2026-06-12T12:55:00Z
3
value 0.00458
scoring_system epss
scoring_elements 0.64536
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-40191
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-40191
reference_id cve-2023-40191
reference_type
scores
0
value 9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T16:04:15Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-40191
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40191
reference_id CVE-2023-40191
reference_type
scores
0
value 9.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-40191
4
reference_url https://github.com/advisories/GHSA-468x-frcm-ghx6
reference_id GHSA-468x-frcm-ghx6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-468x-frcm-ghx6
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-4m1t-nd28-43b2
2
vulnerability VCID-55fq-h94e-kuep
3
vulnerability VCID-5rce-t9wm-4ycx
4
vulnerability VCID-5ytw-d875-3yfe
5
vulnerability VCID-69x9-5buz-1yht
6
vulnerability VCID-6f8z-s1fz-57b2
7
vulnerability VCID-6jsv-kw7h-9yeu
8
vulnerability VCID-73u9-6qzv-t7f7
9
vulnerability VCID-7bjy-2h8a-ukbe
10
vulnerability VCID-99sz-6eag-3kff
11
vulnerability VCID-9seq-71yb-tfcf
12
vulnerability VCID-beqe-x5p8-23b9
13
vulnerability VCID-c2hc-pbr7-2yhz
14
vulnerability VCID-d49a-szjx-jub1
15
vulnerability VCID-d9qm-h8q2-sfda
16
vulnerability VCID-dztj-3hzz-3bcg
17
vulnerability VCID-eb9n-cwf1-fbga
18
vulnerability VCID-ep8t-7k2h-2kdp
19
vulnerability VCID-epds-vwku-cyed
20
vulnerability VCID-evtz-a8xn-e7b6
21
vulnerability VCID-ext6-8u2c-xufv
22
vulnerability VCID-f6z5-3pp9-7qey
23
vulnerability VCID-gfwc-qjpr-6fgf
24
vulnerability VCID-hqwn-t5mr-13ab
25
vulnerability VCID-hthn-qn9g-u3dv
26
vulnerability VCID-j2r3-g95d-hued
27
vulnerability VCID-k7dn-nb9d-ckdk
28
vulnerability VCID-kke1-d8nw-tyhj
29
vulnerability VCID-mmy3-eycu-q7bu
30
vulnerability VCID-p1dw-dttz-x7ee
31
vulnerability VCID-p3dp-ku5j-yke9
32
vulnerability VCID-ph25-5qgg-zfer
33
vulnerability VCID-qxsh-hm7q-5ban
34
vulnerability VCID-rcmj-djgg-bqf7
35
vulnerability VCID-tgj6-8vhq-23ae
36
vulnerability VCID-tkws-gscx-pff6
37
vulnerability VCID-twb2-9ane-tfdw
38
vulnerability VCID-twyc-srx8-fudj
39
vulnerability VCID-u5rg-89bb-wbfy
40
vulnerability VCID-u9gz-jcnn-syby
41
vulnerability VCID-vcth-rrmy-5qej
42
vulnerability VCID-w2a5-j7ew-mbet
43
vulnerability VCID-w71u-16bg-nke4
44
vulnerability VCID-whty-vwsm-t7gt
45
vulnerability VCID-xftu-6k5q-7ub6
46
vulnerability VCID-xvs7-58y1-3ybj
47
vulnerability VCID-y38f-84j9-fygf
48
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
aliases CVE-2023-40191, GHSA-468x-frcm-ghx6
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pac3-4jrs-pqdg
35
url VCID-ph25-5qgg-zfer
vulnerability_id VCID-ph25-5qgg-zfer
summary A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code in the “first display label” field in the configuration of a custom sort widget. This malicious payload is then reflected and executed by clay button taglib when refreshing the page.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43734
reference_id
reference_type
scores
0
value 0.0013
scoring_system epss
scoring_elements 0.32182
published_at 2026-06-12T12:55:00Z
1
value 0.0013
scoring_system epss
scoring_elements 0.32179
published_at 2026-06-14T12:55:00Z
2
value 0.0013
scoring_system epss
scoring_elements 0.31998
published_at 2026-06-11T12:55:00Z
3
value 0.0013
scoring_system epss
scoring_elements 0.32199
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43734
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/b4ca1bb0961cc1f230508e072c30815eabce062f
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/b4ca1bb0961cc1f230508e072c30815eabce062f
3
reference_url https://liferay.atlassian.net/browse/LPE-18234
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18234
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43734
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43734
5
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43734
reference_id CVE-2025-43734
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-12T19:00:01Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43734
6
reference_url https://github.com/advisories/GHSA-m5c7-5gv3-hcpf
reference_id GHSA-m5c7-5gv3-hcpf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m5c7-5gv3-hcpf
fixed_packages
aliases CVE-2025-43734, GHSA-m5c7-5gv3-hcpf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ph25-5qgg-zfer
36
url VCID-rcmj-djgg-bqf7
vulnerability_id VCID-rcmj-djgg-bqf7
summary A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.2, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via _com_liferay_dynamic_data_mapping_web_portlet_DDMPortlet_portletNamespace and _com_liferay_dynamic_data_mapping_web_portlet_DDMPortlet_namespace parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43746
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12783
published_at 2026-06-12T12:55:00Z
1
value 0.00041
scoring_system epss
scoring_elements 0.12773
published_at 2026-06-14T12:55:00Z
2
value 0.00041
scoring_system epss
scoring_elements 0.12693
published_at 2026-06-11T12:55:00Z
3
value 0.00041
scoring_system epss
scoring_elements 0.12792
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43746
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/5ca8331da4503ae336818a747e43817066f27b73
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5ca8331da4503ae336818a747e43817066f27b73
3
reference_url https://github.com/liferay/liferay-portal/commit/7ac0f245435a18e42291186907ad6dbf0e4e8a43
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/7ac0f245435a18e42291186907ad6dbf0e4e8a43
4
reference_url https://github.com/liferay/liferay-portal/commit/c4c34a13094356160474c06c3a115723d97f75ab
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/c4c34a13094356160474c06c3a115723d97f75ab
5
reference_url https://liferay.atlassian.net/browse/LPE-18244
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18244
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43746
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43746
7
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43746
reference_id CVE-2025-43746
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-20T18:53:24Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43746
8
reference_url https://github.com/advisories/GHSA-mpww-r37c-vxjw
reference_id GHSA-mpww-r37c-vxjw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mpww-r37c-vxjw
fixed_packages
aliases CVE-2025-43746, GHSA-mpww-r37c-vxjw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rcmj-djgg-bqf7
37
url VCID-ser9-x7zq-dqdv
vulnerability_id VCID-ser9-x7zq-dqdv
summary Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's `URL` text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33944
reference_id
reference_type
scores
0
value 0.00304
scoring_system epss
scoring_elements 0.5418
published_at 2026-06-12T12:55:00Z
1
value 0.00304
scoring_system epss
scoring_elements 0.54185
published_at 2026-06-14T12:55:00Z
2
value 0.00304
scoring_system epss
scoring_elements 0.54054
published_at 2026-06-11T12:55:00Z
3
value 0.00304
scoring_system epss
scoring_elements 0.54198
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33944
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33944
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33944
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33944
reference_id cve-2023-33944
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:45:15Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33944
4
reference_url https://github.com/advisories/GHSA-pfwc-4frf-4gf8
reference_id GHSA-pfwc-4frf-4gf8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pfwc-4frf-4gf8
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.69
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.69
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-4m1t-nd28-43b2
2
vulnerability VCID-55fq-h94e-kuep
3
vulnerability VCID-5rce-t9wm-4ycx
4
vulnerability VCID-5ytw-d875-3yfe
5
vulnerability VCID-69x9-5buz-1yht
6
vulnerability VCID-6f8z-s1fz-57b2
7
vulnerability VCID-6jsv-kw7h-9yeu
8
vulnerability VCID-73u9-6qzv-t7f7
9
vulnerability VCID-7bjy-2h8a-ukbe
10
vulnerability VCID-99sz-6eag-3kff
11
vulnerability VCID-9seq-71yb-tfcf
12
vulnerability VCID-beqe-x5p8-23b9
13
vulnerability VCID-c2hc-pbr7-2yhz
14
vulnerability VCID-d49a-szjx-jub1
15
vulnerability VCID-d9qm-h8q2-sfda
16
vulnerability VCID-deaj-uts6-aqb5
17
vulnerability VCID-dztj-3hzz-3bcg
18
vulnerability VCID-eb9n-cwf1-fbga
19
vulnerability VCID-ep8t-7k2h-2kdp
20
vulnerability VCID-epds-vwku-cyed
21
vulnerability VCID-evtz-a8xn-e7b6
22
vulnerability VCID-ext6-8u2c-xufv
23
vulnerability VCID-f6z5-3pp9-7qey
24
vulnerability VCID-gfwc-qjpr-6fgf
25
vulnerability VCID-hqwn-t5mr-13ab
26
vulnerability VCID-hthn-qn9g-u3dv
27
vulnerability VCID-j2r3-g95d-hued
28
vulnerability VCID-kke1-d8nw-tyhj
29
vulnerability VCID-mmy3-eycu-q7bu
30
vulnerability VCID-p1dw-dttz-x7ee
31
vulnerability VCID-p3dp-ku5j-yke9
32
vulnerability VCID-pac3-4jrs-pqdg
33
vulnerability VCID-ph25-5qgg-zfer
34
vulnerability VCID-rcmj-djgg-bqf7
35
vulnerability VCID-te96-dz9q-z3cy
36
vulnerability VCID-tkws-gscx-pff6
37
vulnerability VCID-twb2-9ane-tfdw
38
vulnerability VCID-u5rg-89bb-wbfy
39
vulnerability VCID-u9gz-jcnn-syby
40
vulnerability VCID-vcth-rrmy-5qej
41
vulnerability VCID-w2a5-j7ew-mbet
42
vulnerability VCID-w71u-16bg-nke4
43
vulnerability VCID-whty-vwsm-t7gt
44
vulnerability VCID-xftu-6k5q-7ub6
45
vulnerability VCID-xvs7-58y1-3ybj
46
vulnerability VCID-y38f-84j9-fygf
47
vulnerability VCID-zc53-8p5g-2kcv
48
vulnerability VCID-zkm4-bz55-9bb8
49
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.69
aliases CVE-2023-33944, GHSA-pfwc-4frf-4gf8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ser9-x7zq-dqdv
38
url VCID-te96-dz9q-z3cy
vulnerability_id VCID-te96-dz9q-z3cy
summary Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote attackers to consume an excessive amount of server resources via crafted request URLs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33950
reference_id
reference_type
scores
0
value 0.00669
scoring_system epss
scoring_elements 0.71907
published_at 2026-06-12T12:55:00Z
1
value 0.00669
scoring_system epss
scoring_elements 0.71918
published_at 2026-06-14T12:55:00Z
2
value 0.00669
scoring_system epss
scoring_elements 0.71822
published_at 2026-06-11T12:55:00Z
3
value 0.00669
scoring_system epss
scoring_elements 0.71921
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33950
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33950
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33950
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33950
reference_id cve-2023-33950
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:43:43Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33950
4
reference_url https://github.com/advisories/GHSA-chrc-q6v3-jfv8
reference_id GHSA-chrc-q6v3-jfv8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-chrc-q6v3-jfv8
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.77
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.77
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-4m1t-nd28-43b2
2
vulnerability VCID-55fq-h94e-kuep
3
vulnerability VCID-5rce-t9wm-4ycx
4
vulnerability VCID-5ytw-d875-3yfe
5
vulnerability VCID-69x9-5buz-1yht
6
vulnerability VCID-6f8z-s1fz-57b2
7
vulnerability VCID-6jsv-kw7h-9yeu
8
vulnerability VCID-73u9-6qzv-t7f7
9
vulnerability VCID-7bjy-2h8a-ukbe
10
vulnerability VCID-99sz-6eag-3kff
11
vulnerability VCID-9seq-71yb-tfcf
12
vulnerability VCID-beqe-x5p8-23b9
13
vulnerability VCID-c2hc-pbr7-2yhz
14
vulnerability VCID-d49a-szjx-jub1
15
vulnerability VCID-d9qm-h8q2-sfda
16
vulnerability VCID-deaj-uts6-aqb5
17
vulnerability VCID-dztj-3hzz-3bcg
18
vulnerability VCID-eb9n-cwf1-fbga
19
vulnerability VCID-ep8t-7k2h-2kdp
20
vulnerability VCID-epds-vwku-cyed
21
vulnerability VCID-evtz-a8xn-e7b6
22
vulnerability VCID-ext6-8u2c-xufv
23
vulnerability VCID-f6z5-3pp9-7qey
24
vulnerability VCID-ftc3-14sd-tyb1
25
vulnerability VCID-gfwc-qjpr-6fgf
26
vulnerability VCID-ghf8-8g41-pfd9
27
vulnerability VCID-hqwn-t5mr-13ab
28
vulnerability VCID-hthn-qn9g-u3dv
29
vulnerability VCID-j2r3-g95d-hued
30
vulnerability VCID-k7dn-nb9d-ckdk
31
vulnerability VCID-kke1-d8nw-tyhj
32
vulnerability VCID-mmy3-eycu-q7bu
33
vulnerability VCID-p1dw-dttz-x7ee
34
vulnerability VCID-p3dp-ku5j-yke9
35
vulnerability VCID-pac3-4jrs-pqdg
36
vulnerability VCID-ph25-5qgg-zfer
37
vulnerability VCID-qxsh-hm7q-5ban
38
vulnerability VCID-rcmj-djgg-bqf7
39
vulnerability VCID-tkws-gscx-pff6
40
vulnerability VCID-twb2-9ane-tfdw
41
vulnerability VCID-twyc-srx8-fudj
42
vulnerability VCID-u5rg-89bb-wbfy
43
vulnerability VCID-u9gz-jcnn-syby
44
vulnerability VCID-vcth-rrmy-5qej
45
vulnerability VCID-w2a5-j7ew-mbet
46
vulnerability VCID-w71u-16bg-nke4
47
vulnerability VCID-whty-vwsm-t7gt
48
vulnerability VCID-xftu-6k5q-7ub6
49
vulnerability VCID-xvs7-58y1-3ybj
50
vulnerability VCID-y38f-84j9-fygf
51
vulnerability VCID-zc53-8p5g-2kcv
52
vulnerability VCID-zkm4-bz55-9bb8
53
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.77
aliases CVE-2023-33950, GHSA-chrc-q6v3-jfv8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-te96-dz9q-z3cy
39
url VCID-tkws-gscx-pff6
vulnerability_id VCID-tkws-gscx-pff6
summary Multiple cross-site scripting (XSS) vulnerabilities in the Calendar widget when inviting users to an event in Liferay Portal 7.4.3.35 through 7.4.3.110, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.6, 7.4 update 35 through update 92, and 7.3 update 25 through update 35 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user’s (1) First Name, (2) Middle text, or (3) Last Name text fields.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43820
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.10191
published_at 2026-06-11T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10231
published_at 2026-06-14T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10239
published_at 2026-06-12T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10245
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43820
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43820
reference_id CVE-2025-43820
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-30T14:46:02Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43820
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43820
reference_id CVE-2025-43820
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43820
4
reference_url https://github.com/advisories/GHSA-pf86-4w35-cj89
reference_id GHSA-pf86-4w35-cj89
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pf86-4w35-cj89
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.111-ga111
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.111-ga111
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j2r3-g95d-hued
1
vulnerability VCID-qxsh-hm7q-5ban
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.111-ga111
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-5ytw-d875-3yfe
3
vulnerability VCID-69x9-5buz-1yht
4
vulnerability VCID-6jsv-kw7h-9yeu
5
vulnerability VCID-73u9-6qzv-t7f7
6
vulnerability VCID-7bjy-2h8a-ukbe
7
vulnerability VCID-9seq-71yb-tfcf
8
vulnerability VCID-beqe-x5p8-23b9
9
vulnerability VCID-c2hc-pbr7-2yhz
10
vulnerability VCID-d9qm-h8q2-sfda
11
vulnerability VCID-dztj-3hzz-3bcg
12
vulnerability VCID-ep8t-7k2h-2kdp
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-f6z5-3pp9-7qey
15
vulnerability VCID-gfwc-qjpr-6fgf
16
vulnerability VCID-hthn-qn9g-u3dv
17
vulnerability VCID-j2r3-g95d-hued
18
vulnerability VCID-kke1-d8nw-tyhj
19
vulnerability VCID-mmy3-eycu-q7bu
20
vulnerability VCID-p1dw-dttz-x7ee
21
vulnerability VCID-p3dp-ku5j-yke9
22
vulnerability VCID-ph25-5qgg-zfer
23
vulnerability VCID-qxsh-hm7q-5ban
24
vulnerability VCID-rcmj-djgg-bqf7
25
vulnerability VCID-tgj6-8vhq-23ae
26
vulnerability VCID-u5rg-89bb-wbfy
27
vulnerability VCID-vcth-rrmy-5qej
28
vulnerability VCID-w2a5-j7ew-mbet
29
vulnerability VCID-w71u-16bg-nke4
30
vulnerability VCID-whty-vwsm-t7gt
31
vulnerability VCID-xftu-6k5q-7ub6
32
vulnerability VCID-xvs7-58y1-3ybj
33
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
aliases CVE-2025-43820, GHSA-pf86-4w35-cj89
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tkws-gscx-pff6
40
url VCID-twb2-9ane-tfdw
vulnerability_id VCID-twb2-9ane-tfdw
summary Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has changed their initial password, which allows remote users to access and edit content via the API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43799
reference_id
reference_type
scores
0
value 0.00073
scoring_system epss
scoring_elements 0.22463
published_at 2026-06-13T12:55:00Z
1
value 0.00073
scoring_system epss
scoring_elements 0.22443
published_at 2026-06-14T12:55:00Z
2
value 0.00073
scoring_system epss
scoring_elements 0.22258
published_at 2026-06-11T12:55:00Z
3
value 0.00073
scoring_system epss
scoring_elements 0.2245
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43799
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43799
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43799
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43799
reference_id CVE-2025-43799
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-15T20:40:56Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43799
4
reference_url https://github.com/advisories/GHSA-43xf-59vr-g4f2
reference_id GHSA-43xf-59vr-g4f2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-43xf-59vr-g4f2
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-5ytw-d875-3yfe
3
vulnerability VCID-69x9-5buz-1yht
4
vulnerability VCID-6jsv-kw7h-9yeu
5
vulnerability VCID-73u9-6qzv-t7f7
6
vulnerability VCID-7bjy-2h8a-ukbe
7
vulnerability VCID-9seq-71yb-tfcf
8
vulnerability VCID-beqe-x5p8-23b9
9
vulnerability VCID-c2hc-pbr7-2yhz
10
vulnerability VCID-d9qm-h8q2-sfda
11
vulnerability VCID-dztj-3hzz-3bcg
12
vulnerability VCID-ep8t-7k2h-2kdp
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-f6z5-3pp9-7qey
15
vulnerability VCID-gfwc-qjpr-6fgf
16
vulnerability VCID-hthn-qn9g-u3dv
17
vulnerability VCID-j2r3-g95d-hued
18
vulnerability VCID-kke1-d8nw-tyhj
19
vulnerability VCID-mmy3-eycu-q7bu
20
vulnerability VCID-p1dw-dttz-x7ee
21
vulnerability VCID-p3dp-ku5j-yke9
22
vulnerability VCID-ph25-5qgg-zfer
23
vulnerability VCID-qxsh-hm7q-5ban
24
vulnerability VCID-rcmj-djgg-bqf7
25
vulnerability VCID-tgj6-8vhq-23ae
26
vulnerability VCID-u5rg-89bb-wbfy
27
vulnerability VCID-vcth-rrmy-5qej
28
vulnerability VCID-w2a5-j7ew-mbet
29
vulnerability VCID-w71u-16bg-nke4
30
vulnerability VCID-whty-vwsm-t7gt
31
vulnerability VCID-xftu-6k5q-7ub6
32
vulnerability VCID-xvs7-58y1-3ybj
33
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
aliases CVE-2025-43799, GHSA-43xf-59vr-g4f2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-twb2-9ane-tfdw
41
url VCID-u5rg-89bb-wbfy
vulnerability_id VCID-u5rg-89bb-wbfy
summary Stored cross-site scripting (XSS) vulnerability in Forms in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, and 7.3 GA through update 35 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form with a rich text type field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43830
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.09382
published_at 2026-06-11T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.09436
published_at 2026-06-12T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10332
published_at 2026-06-13T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10309
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43830
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43830
reference_id CVE-2025-43830
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-08T13:36:35Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43830
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43830
reference_id CVE-2025-43830
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43830
4
reference_url https://github.com/advisories/GHSA-378f-8q54-3fqx
reference_id GHSA-378f-8q54-3fqx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-378f-8q54-3fqx
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-5ytw-d875-3yfe
3
vulnerability VCID-73u9-6qzv-t7f7
4
vulnerability VCID-7bjy-2h8a-ukbe
5
vulnerability VCID-9seq-71yb-tfcf
6
vulnerability VCID-beqe-x5p8-23b9
7
vulnerability VCID-c2hc-pbr7-2yhz
8
vulnerability VCID-d9qm-h8q2-sfda
9
vulnerability VCID-ep8t-7k2h-2kdp
10
vulnerability VCID-epds-vwku-cyed
11
vulnerability VCID-f6z5-3pp9-7qey
12
vulnerability VCID-hthn-qn9g-u3dv
13
vulnerability VCID-kke1-d8nw-tyhj
14
vulnerability VCID-mmy3-eycu-q7bu
15
vulnerability VCID-ph25-5qgg-zfer
16
vulnerability VCID-rcmj-djgg-bqf7
17
vulnerability VCID-tgj6-8vhq-23ae
18
vulnerability VCID-vcth-rrmy-5qej
19
vulnerability VCID-w2a5-j7ew-mbet
20
vulnerability VCID-w71u-16bg-nke4
21
vulnerability VCID-whty-vwsm-t7gt
22
vulnerability VCID-xftu-6k5q-7ub6
23
vulnerability VCID-xvs7-58y1-3ybj
24
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112-ga112
aliases CVE-2025-43830, GHSA-378f-8q54-3fqx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u5rg-89bb-wbfy
42
url VCID-u9gz-jcnn-syby
vulnerability_id VCID-u9gz-jcnn-syby
summary Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, and (4) perform other administrative actions via the p_l_back_url parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26272
reference_id
reference_type
scores
0
value 0.03261
scoring_system epss
scoring_elements 0.8748
published_at 2026-06-14T12:55:00Z
1
value 0.03261
scoring_system epss
scoring_elements 0.87434
published_at 2026-06-11T12:55:00Z
2
value 0.03261
scoring_system epss
scoring_elements 0.87478
published_at 2026-06-12T12:55:00Z
3
value 0.03261
scoring_system epss
scoring_elements 0.87483
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26272
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26272
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26272
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-26272
reference_id CVE-2024-26272
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:15:06Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-26272
4
reference_url https://github.com/advisories/GHSA-p63m-vmjr-wg37
reference_id GHSA-p63m-vmjr-wg37
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p63m-vmjr-wg37
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.108
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.108
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.108
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-5ytw-d875-3yfe
3
vulnerability VCID-69x9-5buz-1yht
4
vulnerability VCID-6jsv-kw7h-9yeu
5
vulnerability VCID-73u9-6qzv-t7f7
6
vulnerability VCID-7bjy-2h8a-ukbe
7
vulnerability VCID-9seq-71yb-tfcf
8
vulnerability VCID-beqe-x5p8-23b9
9
vulnerability VCID-c2hc-pbr7-2yhz
10
vulnerability VCID-d9qm-h8q2-sfda
11
vulnerability VCID-dztj-3hzz-3bcg
12
vulnerability VCID-ep8t-7k2h-2kdp
13
vulnerability VCID-epds-vwku-cyed
14
vulnerability VCID-f6z5-3pp9-7qey
15
vulnerability VCID-gfwc-qjpr-6fgf
16
vulnerability VCID-hthn-qn9g-u3dv
17
vulnerability VCID-j2r3-g95d-hued
18
vulnerability VCID-kke1-d8nw-tyhj
19
vulnerability VCID-mmy3-eycu-q7bu
20
vulnerability VCID-p1dw-dttz-x7ee
21
vulnerability VCID-p3dp-ku5j-yke9
22
vulnerability VCID-ph25-5qgg-zfer
23
vulnerability VCID-qxsh-hm7q-5ban
24
vulnerability VCID-rcmj-djgg-bqf7
25
vulnerability VCID-tgj6-8vhq-23ae
26
vulnerability VCID-u5rg-89bb-wbfy
27
vulnerability VCID-vcth-rrmy-5qej
28
vulnerability VCID-w2a5-j7ew-mbet
29
vulnerability VCID-w71u-16bg-nke4
30
vulnerability VCID-whty-vwsm-t7gt
31
vulnerability VCID-xftu-6k5q-7ub6
32
vulnerability VCID-xvs7-58y1-3ybj
33
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.112
aliases CVE-2024-26272, GHSA-p63m-vmjr-wg37
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u9gz-jcnn-syby
43
url VCID-vcth-rrmy-5qej
vulnerability_id VCID-vcth-rrmy-5qej
summary A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.6, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript into the PortalUtil.escapeRedirect
references
0
reference_url http://github.com/liferay/liferay-portal/commit/58b365ffe2f088b308cfae207474ade3e143bbf9
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/liferay/liferay-portal/commit/58b365ffe2f088b308cfae207474ade3e143bbf9
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43760
reference_id
reference_type
scores
0
value 0.00048
scoring_system epss
scoring_elements 0.15365
published_at 2026-06-11T12:55:00Z
1
value 0.00048
scoring_system epss
scoring_elements 0.15509
published_at 2026-06-13T12:55:00Z
2
value 0.00048
scoring_system epss
scoring_elements 0.15501
published_at 2026-06-12T12:55:00Z
3
value 0.00048
scoring_system epss
scoring_elements 0.15476
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43760
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://github.com/liferay/liferay-portal/commit/7a1a7f0359e99be27ca04dab119e867c2263f040
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/7a1a7f0359e99be27ca04dab119e867c2263f040
4
reference_url https://github.com/liferay/liferay-portal/commit/7c742f32f536dadfdbcad68acd20c63363728a25
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/7c742f32f536dadfdbcad68acd20c63363728a25
5
reference_url https://github.com/liferay/liferay-portal/commit/8f5989233fe36261df8e7bb356b1cc833ba4f34e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/8f5989233fe36261df8e7bb356b1cc833ba4f34e
6
reference_url https://github.com/liferay/liferay-portal/commit/9485d39fa2b66cfc075b16fddaafa9fca64a5687
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9485d39fa2b66cfc075b16fddaafa9fca64a5687
7
reference_url https://github.com/liferay/liferay-portal/commit/aa88fd90657cd83d92ed2e6fbcbc28e5cf7e3fca
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/aa88fd90657cd83d92ed2e6fbcbc28e5cf7e3fca
8
reference_url https://github.com/liferay/liferay-portal/commit/c457c6d72685db48ed07562a33c67d7998e88b27
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/c457c6d72685db48ed07562a33c67d7998e88b27
9
reference_url https://github.com/liferay/liferay-portal/commit/ddd3a57cd5d3a8891673491b8b6cb680dff1f3c5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/ddd3a57cd5d3a8891673491b8b6cb680dff1f3c5
10
reference_url https://liferay.atlassian.net/browse/LPE-18156
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18156
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43760
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43760
12
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43760
reference_id CVE-2025-43760
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-22T18:00:22Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43760
13
reference_url https://github.com/advisories/GHSA-fvqv-593q-qp8r
reference_id GHSA-fvqv-593q-qp8r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fvqv-593q-qp8r
fixed_packages
aliases CVE-2025-43760, GHSA-fvqv-593q-qp8r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vcth-rrmy-5qej
44
url VCID-w2a5-j7ew-mbet
vulnerability_id VCID-w2a5-j7ew-mbet
summary A stored DOM-based Cross-Site Scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 exists in the Asset Publisher configuration UI within the Source.js module. This vulnerability allows attackers to inject arbitrary JavaScript via DDM structure field labels which are then inserted into the DOM using innerHTML without proper encoding.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43744
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.16033
published_at 2026-06-12T12:55:00Z
1
value 0.0005
scoring_system epss
scoring_elements 0.16011
published_at 2026-06-14T12:55:00Z
2
value 0.0005
scoring_system epss
scoring_elements 0.15893
published_at 2026-06-11T12:55:00Z
3
value 0.0005
scoring_system epss
scoring_elements 0.16045
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43744
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://github.com/liferay/liferay-portal/commit/3b36fadfe92437deab4a55029a1a369e046f3829
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/3b36fadfe92437deab4a55029a1a369e046f3829
3
reference_url https://github.com/liferay/liferay-portal/commit/c07a490b3d3759f38c5473cda74e99540bd0235e
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/c07a490b3d3759f38c5473cda74e99540bd0235e
4
reference_url https://liferay.atlassian.net/browse/LPE-18271
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18271
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43744
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43744
6
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43744
reference_id CVE-2025-43744
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-20T14:14:31Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43744
7
reference_url https://github.com/advisories/GHSA-m49p-6cjp-x2h3
reference_id GHSA-m49p-6cjp-x2h3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m49p-6cjp-x2h3
fixed_packages
aliases CVE-2025-43744, GHSA-m49p-6cjp-x2h3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w2a5-j7ew-mbet
45
url VCID-w71u-16bg-nke4
vulnerability_id VCID-w71u-16bg-nke4
summary The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3.126, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92 allows an unauthorized user to obtain entry data from forms.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-2565
reference_id
reference_type
scores
0
value 0.00356
scoring_system epss
scoring_elements 0.5838
published_at 2026-06-12T12:55:00Z
1
value 0.00356
scoring_system epss
scoring_elements 0.58385
published_at 2026-06-14T12:55:00Z
2
value 0.00356
scoring_system epss
scoring_elements 0.58268
published_at 2026-06-11T12:55:00Z
3
value 0.00356
scoring_system epss
scoring_elements 0.58396
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-2565
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-2565
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-2565
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-2565
reference_id cve-2025-2565
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:53:33Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2025-2565
4
reference_url https://github.com/advisories/GHSA-9fcg-wrp8-qhr4
reference_id GHSA-9fcg-wrp8-qhr4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9fcg-wrp8-qhr4
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.129
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.129
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-73u9-6qzv-t7f7
3
vulnerability VCID-beqe-x5p8-23b9
4
vulnerability VCID-c2hc-pbr7-2yhz
5
vulnerability VCID-d9qm-h8q2-sfda
6
vulnerability VCID-ep8t-7k2h-2kdp
7
vulnerability VCID-epds-vwku-cyed
8
vulnerability VCID-f6z5-3pp9-7qey
9
vulnerability VCID-hthn-qn9g-u3dv
10
vulnerability VCID-jpgh-rqqn-x7ge
11
vulnerability VCID-kke1-d8nw-tyhj
12
vulnerability VCID-mmy3-eycu-q7bu
13
vulnerability VCID-ph25-5qgg-zfer
14
vulnerability VCID-rcmj-djgg-bqf7
15
vulnerability VCID-vcth-rrmy-5qej
16
vulnerability VCID-w2a5-j7ew-mbet
17
vulnerability VCID-xftu-6k5q-7ub6
18
vulnerability VCID-xvs7-58y1-3ybj
19
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.129
aliases CVE-2025-2565, GHSA-9fcg-wrp8-qhr4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w71u-16bg-nke4
46
url VCID-whty-vwsm-t7gt
vulnerability_id VCID-whty-vwsm-t7gt
summary Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows attackers to execute Cross-Site Request Forgery
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43748
reference_id
reference_type
scores
0
value 0.00036
scoring_system epss
scoring_elements 0.11011
published_at 2026-06-14T12:55:00Z
1
value 0.00036
scoring_system epss
scoring_elements 0.10981
published_at 2026-06-11T12:55:00Z
2
value 0.00036
scoring_system epss
scoring_elements 0.11044
published_at 2026-06-12T12:55:00Z
3
value 0.00036
scoring_system epss
scoring_elements 0.11042
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43748
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.atlassian.net/browse/LPE-17839
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-17839
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43748
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43748
4
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43748
reference_id CVE-2025-43748
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-22T03:55:44Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43748
5
reference_url https://github.com/advisories/GHSA-p9gc-59hf-x48p
reference_id GHSA-p9gc-59hf-x48p
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p9gc-59hf-x48p
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120-ga120
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120-ga120
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-jpgh-rqqn-x7ge
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.120-ga120
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.125
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.125
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-5rce-t9wm-4ycx
2
vulnerability VCID-73u9-6qzv-t7f7
3
vulnerability VCID-9seq-71yb-tfcf
4
vulnerability VCID-beqe-x5p8-23b9
5
vulnerability VCID-c2hc-pbr7-2yhz
6
vulnerability VCID-d9qm-h8q2-sfda
7
vulnerability VCID-ep8t-7k2h-2kdp
8
vulnerability VCID-epds-vwku-cyed
9
vulnerability VCID-f6z5-3pp9-7qey
10
vulnerability VCID-hthn-qn9g-u3dv
11
vulnerability VCID-jpgh-rqqn-x7ge
12
vulnerability VCID-kke1-d8nw-tyhj
13
vulnerability VCID-mmy3-eycu-q7bu
14
vulnerability VCID-ph25-5qgg-zfer
15
vulnerability VCID-rcmj-djgg-bqf7
16
vulnerability VCID-tgj6-8vhq-23ae
17
vulnerability VCID-vcth-rrmy-5qej
18
vulnerability VCID-w2a5-j7ew-mbet
19
vulnerability VCID-w71u-16bg-nke4
20
vulnerability VCID-xftu-6k5q-7ub6
21
vulnerability VCID-xvs7-58y1-3ybj
22
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.125
aliases CVE-2025-43748, GHSA-p9gc-59hf-x48p
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-whty-vwsm-t7gt
47
url VCID-xftu-6k5q-7ub6
vulnerability_id VCID-xftu-6k5q-7ub6
summary SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows template editors to bypass access validations via crafted URLs.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-4655
reference_id
reference_type
scores
0
value 0.00167
scoring_system epss
scoring_elements 0.37837
published_at 2026-06-12T12:55:00Z
1
value 0.00167
scoring_system epss
scoring_elements 0.3785
published_at 2026-06-14T12:55:00Z
2
value 0.00167
scoring_system epss
scoring_elements 0.37659
published_at 2026-06-11T12:55:00Z
3
value 0.00167
scoring_system epss
scoring_elements 0.37862
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-4655
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-4655
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-4655
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-4655
reference_id CVE-2025-4655
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-11T18:52:11Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-4655
4
reference_url https://github.com/advisories/GHSA-c6g5-g6r7-q4j6
reference_id GHSA-c6g5-g6r7-q4j6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c6g5-g6r7-q4j6
fixed_packages
aliases CVE-2025-4655, GHSA-c6g5-g6r7-q4j6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xftu-6k5q-7ub6
48
url VCID-xvs7-58y1-3ybj
vulnerability_id VCID-xvs7-58y1-3ybj
summary Username enumeration vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows attackers to determine if an account exists in the application by inspecting the server processing time of the login request.
references
0
reference_url http://github.com/liferay/liferay-portal/commit/8199c568a66d66d6ad7ac450d3c69f6e0e9bd181
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://github.com/liferay/liferay-portal/commit/8199c568a66d66d6ad7ac450d3c69f6e0e9bd181
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-43754
reference_id
reference_type
scores
0
value 0.00085
scoring_system epss
scoring_elements 0.24823
published_at 2026-06-12T12:55:00Z
1
value 0.00085
scoring_system epss
scoring_elements 0.2482
published_at 2026-06-14T12:55:00Z
2
value 0.00085
scoring_system epss
scoring_elements 0.24624
published_at 2026-06-11T12:55:00Z
3
value 0.00085
scoring_system epss
scoring_elements 0.24835
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-43754
2
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
3
reference_url https://github.com/liferay/liferay-portal/commit/06b603671f0e76cd50f56d803a310a3c79944d1d
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/06b603671f0e76cd50f56d803a310a3c79944d1d
4
reference_url https://github.com/liferay/liferay-portal/commit/18a88af5409a5085cb094f5bc55229d5e03a9f29
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/18a88af5409a5085cb094f5bc55229d5e03a9f29
5
reference_url https://github.com/liferay/liferay-portal/commit/33697cf599a2c573ef9571696af55476ecc2ada6
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/33697cf599a2c573ef9571696af55476ecc2ada6
6
reference_url https://github.com/liferay/liferay-portal/commit/367dc7d19aa31eaf881f217ceff9610f1747e2d7
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/367dc7d19aa31eaf881f217ceff9610f1747e2d7
7
reference_url https://github.com/liferay/liferay-portal/commit/38c0a06cebf0d635aa2af9912c068217161fcf1e
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/38c0a06cebf0d635aa2af9912c068217161fcf1e
8
reference_url https://github.com/liferay/liferay-portal/commit/45c3ca76966ddfaf8fe650f28910b0f55536f2b4
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/45c3ca76966ddfaf8fe650f28910b0f55536f2b4
9
reference_url https://github.com/liferay/liferay-portal/commit/53e6dcaa31a7599df8de9d3cef92e59e95a2064e
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/53e6dcaa31a7599df8de9d3cef92e59e95a2064e
10
reference_url https://github.com/liferay/liferay-portal/commit/556450752159503476635c44736721ad797fa431
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/556450752159503476635c44736721ad797fa431
11
reference_url https://github.com/liferay/liferay-portal/commit/5b1bf48b0dc2a062928237ab1ea4a2274c63e652
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/5b1bf48b0dc2a062928237ab1ea4a2274c63e652
12
reference_url https://github.com/liferay/liferay-portal/commit/6629bb176c1f58ca852d599c013bd3e97b3312d3
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/6629bb176c1f58ca852d599c013bd3e97b3312d3
13
reference_url https://github.com/liferay/liferay-portal/commit/6f6f9f0922f6a13e21236915b864e0c1c12e47a9
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/6f6f9f0922f6a13e21236915b864e0c1c12e47a9
14
reference_url https://github.com/liferay/liferay-portal/commit/6fdbb052a6e0cbe8b300138fb75f88df69f58799
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/6fdbb052a6e0cbe8b300138fb75f88df69f58799
15
reference_url https://github.com/liferay/liferay-portal/commit/7118e956516d48792fb9365d1ae1f0ee971a8ac3
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/7118e956516d48792fb9365d1ae1f0ee971a8ac3
16
reference_url https://github.com/liferay/liferay-portal/commit/862ca74aaf98c70823022b6556cdc8a339128f79
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/862ca74aaf98c70823022b6556cdc8a339128f79
17
reference_url https://github.com/liferay/liferay-portal/commit/9b4be82e964e9bbab1ce9824a61d9f40b28f38bb
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9b4be82e964e9bbab1ce9824a61d9f40b28f38bb
18
reference_url https://github.com/liferay/liferay-portal/commit/9ce8b8dec237f9b9049760904fcefd06a8695832
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/9ce8b8dec237f9b9049760904fcefd06a8695832
19
reference_url https://github.com/liferay/liferay-portal/commit/c8041d0f527388305897ac79f98d012bb31b82ac
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/c8041d0f527388305897ac79f98d012bb31b82ac
20
reference_url https://github.com/liferay/liferay-portal/commit/f25bb9583f059f86937649fdacf940928ca3767b
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal/commit/f25bb9583f059f86937649fdacf940928ca3767b
21
reference_url https://liferay.atlassian.net/browse/LPE-18149
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://liferay.atlassian.net/browse/LPE-18149
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-43754
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-43754
23
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43754
reference_id CVE-2025-43754
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-21T20:01:22Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43754
24
reference_url https://github.com/advisories/GHSA-x7p4-v8mj-6fxx
reference_id GHSA-x7p4-v8mj-6fxx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x7p4-v8mj-6fxx
fixed_packages
aliases CVE-2025-43754, GHSA-x7p4-v8mj-6fxx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xvs7-58y1-3ybj
49
url VCID-y38f-84j9-fygf
vulnerability_id VCID-y38f-84j9-fygf
summary Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.4, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows a pre-authentication blind SSRF vulnerability in the portal-settings-authentication-opensso-web due to improper validation of user-supplied URLs. An attacker can exploit this issue to force the server to make arbitrary HTTP requests to internal systems, potentially leading to internal network enumeration or further exploitation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-4581
reference_id
reference_type
scores
0
value 0.00195
scoring_system epss
scoring_elements 0.41474
published_at 2026-06-13T12:55:00Z
1
value 0.00195
scoring_system epss
scoring_elements 0.41465
published_at 2026-06-14T12:55:00Z
2
value 0.00195
scoring_system epss
scoring_elements 0.4129
published_at 2026-06-11T12:55:00Z
3
value 0.00195
scoring_system epss
scoring_elements 0.41456
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-4581
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-4581
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-4581
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-4581
reference_id CVE-2025-4581
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-11T18:52:25Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-4581
4
reference_url https://github.com/advisories/GHSA-6v93-frf9-2rp8
reference_id GHSA-6v93-frf9-2rp8
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6v93-frf9-2rp8
fixed_packages
aliases CVE-2025-4581, GHSA-6v93-frf9-2rp8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y38f-84j9-fygf
50
url VCID-zc53-8p5g-2kcv
vulnerability_id VCID-zc53-8p5g-2kcv
summary Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_roles_admin_web_portlet_RolesAdminPortlet_tabs2 parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42496
reference_id
reference_type
scores
0
value 0.0044
scoring_system epss
scoring_elements 0.63626
published_at 2026-06-11T12:55:00Z
1
value 0.0044
scoring_system epss
scoring_elements 0.63739
published_at 2026-06-14T12:55:00Z
2
value 0.0044
scoring_system epss
scoring_elements 0.63728
published_at 2026-06-12T12:55:00Z
3
value 0.0044
scoring_system epss
scoring_elements 0.63742
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42496
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42496
reference_id cve-2023-42496
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-21T16:07:22Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42496
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42496
reference_id CVE-2023-42496
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42496
4
reference_url https://github.com/advisories/GHSA-54pv-r62j-9qqc
reference_id GHSA-54pv-r62j-9qqc
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-54pv-r62j-9qqc
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-4m1t-nd28-43b2
2
vulnerability VCID-55fq-h94e-kuep
3
vulnerability VCID-5rce-t9wm-4ycx
4
vulnerability VCID-5ytw-d875-3yfe
5
vulnerability VCID-69x9-5buz-1yht
6
vulnerability VCID-6f8z-s1fz-57b2
7
vulnerability VCID-6jsv-kw7h-9yeu
8
vulnerability VCID-73u9-6qzv-t7f7
9
vulnerability VCID-7bjy-2h8a-ukbe
10
vulnerability VCID-99sz-6eag-3kff
11
vulnerability VCID-9seq-71yb-tfcf
12
vulnerability VCID-beqe-x5p8-23b9
13
vulnerability VCID-c2hc-pbr7-2yhz
14
vulnerability VCID-d49a-szjx-jub1
15
vulnerability VCID-d9qm-h8q2-sfda
16
vulnerability VCID-dztj-3hzz-3bcg
17
vulnerability VCID-eb9n-cwf1-fbga
18
vulnerability VCID-ep8t-7k2h-2kdp
19
vulnerability VCID-epds-vwku-cyed
20
vulnerability VCID-evtz-a8xn-e7b6
21
vulnerability VCID-ext6-8u2c-xufv
22
vulnerability VCID-f6z5-3pp9-7qey
23
vulnerability VCID-gfwc-qjpr-6fgf
24
vulnerability VCID-hqwn-t5mr-13ab
25
vulnerability VCID-hthn-qn9g-u3dv
26
vulnerability VCID-j2r3-g95d-hued
27
vulnerability VCID-k7dn-nb9d-ckdk
28
vulnerability VCID-kke1-d8nw-tyhj
29
vulnerability VCID-mmy3-eycu-q7bu
30
vulnerability VCID-p1dw-dttz-x7ee
31
vulnerability VCID-p3dp-ku5j-yke9
32
vulnerability VCID-ph25-5qgg-zfer
33
vulnerability VCID-qxsh-hm7q-5ban
34
vulnerability VCID-rcmj-djgg-bqf7
35
vulnerability VCID-tgj6-8vhq-23ae
36
vulnerability VCID-tkws-gscx-pff6
37
vulnerability VCID-twb2-9ane-tfdw
38
vulnerability VCID-twyc-srx8-fudj
39
vulnerability VCID-u5rg-89bb-wbfy
40
vulnerability VCID-u9gz-jcnn-syby
41
vulnerability VCID-vcth-rrmy-5qej
42
vulnerability VCID-w2a5-j7ew-mbet
43
vulnerability VCID-w71u-16bg-nke4
44
vulnerability VCID-whty-vwsm-t7gt
45
vulnerability VCID-xftu-6k5q-7ub6
46
vulnerability VCID-xvs7-58y1-3ybj
47
vulnerability VCID-y38f-84j9-fygf
48
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.98
aliases CVE-2023-42496, GHSA-54pv-r62j-9qqc
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zc53-8p5g-2kcv
51
url VCID-zkm4-bz55-9bb8
vulnerability_id VCID-zkm4-bz55-9bb8
summary Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-37940
reference_id
reference_type
scores
0
value 0.00175
scoring_system epss
scoring_elements 0.38976
published_at 2026-06-12T12:55:00Z
1
value 0.00175
scoring_system epss
scoring_elements 0.3899
published_at 2026-06-14T12:55:00Z
2
value 0.00175
scoring_system epss
scoring_elements 0.38804
published_at 2026-06-11T12:55:00Z
3
value 0.00175
scoring_system epss
scoring_elements 0.38999
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-37940
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-37940
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-37940
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940
reference_id CVE-2023-37940
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-17T21:41:20Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940
4
reference_url https://github.com/advisories/GHSA-px38-239g-x5mg
reference_id GHSA-px38-239g-x5mg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-px38-239g-x5mg
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.88
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.88
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-4m1t-nd28-43b2
2
vulnerability VCID-55fq-h94e-kuep
3
vulnerability VCID-5rce-t9wm-4ycx
4
vulnerability VCID-5ytw-d875-3yfe
5
vulnerability VCID-69x9-5buz-1yht
6
vulnerability VCID-6f8z-s1fz-57b2
7
vulnerability VCID-6jsv-kw7h-9yeu
8
vulnerability VCID-73u9-6qzv-t7f7
9
vulnerability VCID-7bjy-2h8a-ukbe
10
vulnerability VCID-99sz-6eag-3kff
11
vulnerability VCID-9seq-71yb-tfcf
12
vulnerability VCID-beqe-x5p8-23b9
13
vulnerability VCID-c2hc-pbr7-2yhz
14
vulnerability VCID-d49a-szjx-jub1
15
vulnerability VCID-d9qm-h8q2-sfda
16
vulnerability VCID-deaj-uts6-aqb5
17
vulnerability VCID-dztj-3hzz-3bcg
18
vulnerability VCID-eb9n-cwf1-fbga
19
vulnerability VCID-ep8t-7k2h-2kdp
20
vulnerability VCID-epds-vwku-cyed
21
vulnerability VCID-evtz-a8xn-e7b6
22
vulnerability VCID-ext6-8u2c-xufv
23
vulnerability VCID-f6z5-3pp9-7qey
24
vulnerability VCID-gfwc-qjpr-6fgf
25
vulnerability VCID-hqwn-t5mr-13ab
26
vulnerability VCID-hthn-qn9g-u3dv
27
vulnerability VCID-j2r3-g95d-hued
28
vulnerability VCID-k7dn-nb9d-ckdk
29
vulnerability VCID-kke1-d8nw-tyhj
30
vulnerability VCID-mmy3-eycu-q7bu
31
vulnerability VCID-p1dw-dttz-x7ee
32
vulnerability VCID-p3dp-ku5j-yke9
33
vulnerability VCID-pac3-4jrs-pqdg
34
vulnerability VCID-ph25-5qgg-zfer
35
vulnerability VCID-qxsh-hm7q-5ban
36
vulnerability VCID-rcmj-djgg-bqf7
37
vulnerability VCID-tgj6-8vhq-23ae
38
vulnerability VCID-tkws-gscx-pff6
39
vulnerability VCID-twb2-9ane-tfdw
40
vulnerability VCID-twyc-srx8-fudj
41
vulnerability VCID-u5rg-89bb-wbfy
42
vulnerability VCID-u9gz-jcnn-syby
43
vulnerability VCID-vcth-rrmy-5qej
44
vulnerability VCID-w2a5-j7ew-mbet
45
vulnerability VCID-w71u-16bg-nke4
46
vulnerability VCID-whty-vwsm-t7gt
47
vulnerability VCID-xftu-6k5q-7ub6
48
vulnerability VCID-xvs7-58y1-3ybj
49
vulnerability VCID-y38f-84j9-fygf
50
vulnerability VCID-zc53-8p5g-2kcv
51
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.88
aliases CVE-2023-37940, GHSA-px38-239g-x5mg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zkm4-bz55-9bb8
52
url VCID-zn2s-8c79-x7h3
vulnerability_id VCID-zn2s-8c79-x7h3
summary The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, 7.2 GA through fix pack 20, 7.1 GA through fix pack 28, 7.0 GA through fix pack 102 and 6.2 GA through fix pack 173 does not sufficiently protect against Cross-Site Request Forgery (CSRF) attacks, which allows remote attackers to execute arbitrary Groovy script via a crafted URL or an XSS vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-8980
reference_id
reference_type
scores
0
value 0.00381
scoring_system epss
scoring_elements 0.60057
published_at 2026-06-12T12:55:00Z
1
value 0.00381
scoring_system epss
scoring_elements 0.60061
published_at 2026-06-14T12:55:00Z
2
value 0.00381
scoring_system epss
scoring_elements 0.59949
published_at 2026-06-11T12:55:00Z
3
value 0.00381
scoring_system epss
scoring_elements 0.60068
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-8980
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-8980
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-8980
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-8980
reference_id CVE-2024-8980
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:02:17Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-8980
4
reference_url https://github.com/advisories/GHSA-chj2-4vg7-hhg3
reference_id GHSA-chj2-4vg7-hhg3
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-chj2-4vg7-hhg3
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.102-GA102
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.102-GA102
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.102-GA102
1
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.103
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.103
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3cm9-v7g5-kfcn
1
vulnerability VCID-4m1t-nd28-43b2
2
vulnerability VCID-55fq-h94e-kuep
3
vulnerability VCID-5rce-t9wm-4ycx
4
vulnerability VCID-5ytw-d875-3yfe
5
vulnerability VCID-69x9-5buz-1yht
6
vulnerability VCID-6f8z-s1fz-57b2
7
vulnerability VCID-6jsv-kw7h-9yeu
8
vulnerability VCID-73u9-6qzv-t7f7
9
vulnerability VCID-7bjy-2h8a-ukbe
10
vulnerability VCID-9seq-71yb-tfcf
11
vulnerability VCID-beqe-x5p8-23b9
12
vulnerability VCID-c2hc-pbr7-2yhz
13
vulnerability VCID-d9qm-h8q2-sfda
14
vulnerability VCID-dztj-3hzz-3bcg
15
vulnerability VCID-eb9n-cwf1-fbga
16
vulnerability VCID-ep8t-7k2h-2kdp
17
vulnerability VCID-epds-vwku-cyed
18
vulnerability VCID-evtz-a8xn-e7b6
19
vulnerability VCID-f6z5-3pp9-7qey
20
vulnerability VCID-gfwc-qjpr-6fgf
21
vulnerability VCID-hthn-qn9g-u3dv
22
vulnerability VCID-j2r3-g95d-hued
23
vulnerability VCID-k7dn-nb9d-ckdk
24
vulnerability VCID-kke1-d8nw-tyhj
25
vulnerability VCID-mmy3-eycu-q7bu
26
vulnerability VCID-p1dw-dttz-x7ee
27
vulnerability VCID-p3dp-ku5j-yke9
28
vulnerability VCID-ph25-5qgg-zfer
29
vulnerability VCID-qxsh-hm7q-5ban
30
vulnerability VCID-rcmj-djgg-bqf7
31
vulnerability VCID-tgj6-8vhq-23ae
32
vulnerability VCID-tkws-gscx-pff6
33
vulnerability VCID-twb2-9ane-tfdw
34
vulnerability VCID-u5rg-89bb-wbfy
35
vulnerability VCID-u9gz-jcnn-syby
36
vulnerability VCID-vcth-rrmy-5qej
37
vulnerability VCID-w2a5-j7ew-mbet
38
vulnerability VCID-w71u-16bg-nke4
39
vulnerability VCID-whty-vwsm-t7gt
40
vulnerability VCID-xftu-6k5q-7ub6
41
vulnerability VCID-xvs7-58y1-3ybj
42
vulnerability VCID-y38f-84j9-fygf
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.103
aliases CVE-2024-8980, GHSA-chj2-4vg7-hhg3
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zn2s-8c79-x7h3
Fixing_vulnerabilities
0
url VCID-s59m-uwgm-d7ed
vulnerability_id VCID-s59m-uwgm-d7ed
summary Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-33941
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.49952
published_at 2026-06-12T12:55:00Z
1
value 0.00261
scoring_system epss
scoring_elements 0.49957
published_at 2026-06-14T12:55:00Z
2
value 0.00261
scoring_system epss
scoring_elements 0.49816
published_at 2026-06-11T12:55:00Z
3
value 0.00261
scoring_system epss
scoring_elements 0.4997
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-33941
1
reference_url https://github.com/liferay/liferay-portal
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/liferay/liferay-portal
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-33941
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-33941
3
reference_url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33941
reference_id cve-2023-33941
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:47:35Z/
url https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33941
4
reference_url https://github.com/advisories/GHSA-mvfv-w3fq-xp67
reference_id GHSA-mvfv-w3fq-xp67
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mvfv-w3fq-xp67
fixed_packages
0
url pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.53
purl pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.53
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-39dv-ngxr-vbaj
1
vulnerability VCID-3cm9-v7g5-kfcn
2
vulnerability VCID-4m1t-nd28-43b2
3
vulnerability VCID-55fq-h94e-kuep
4
vulnerability VCID-5rce-t9wm-4ycx
5
vulnerability VCID-5sft-4ab1-9kcg
6
vulnerability VCID-5ytw-d875-3yfe
7
vulnerability VCID-69x9-5buz-1yht
8
vulnerability VCID-6f8z-s1fz-57b2
9
vulnerability VCID-6jsv-kw7h-9yeu
10
vulnerability VCID-73u9-6qzv-t7f7
11
vulnerability VCID-7bjy-2h8a-ukbe
12
vulnerability VCID-99sz-6eag-3kff
13
vulnerability VCID-9seq-71yb-tfcf
14
vulnerability VCID-beqe-x5p8-23b9
15
vulnerability VCID-c2hc-pbr7-2yhz
16
vulnerability VCID-d49a-szjx-jub1
17
vulnerability VCID-d9qm-h8q2-sfda
18
vulnerability VCID-deaj-uts6-aqb5
19
vulnerability VCID-dztj-3hzz-3bcg
20
vulnerability VCID-eb9n-cwf1-fbga
21
vulnerability VCID-ep8t-7k2h-2kdp
22
vulnerability VCID-epds-vwku-cyed
23
vulnerability VCID-evtz-a8xn-e7b6
24
vulnerability VCID-ext6-8u2c-xufv
25
vulnerability VCID-f6z5-3pp9-7qey
26
vulnerability VCID-gfwc-qjpr-6fgf
27
vulnerability VCID-hqwn-t5mr-13ab
28
vulnerability VCID-hthn-qn9g-u3dv
29
vulnerability VCID-j2r3-g95d-hued
30
vulnerability VCID-kke1-d8nw-tyhj
31
vulnerability VCID-mmy3-eycu-q7bu
32
vulnerability VCID-p1dw-dttz-x7ee
33
vulnerability VCID-p3dp-ku5j-yke9
34
vulnerability VCID-pac3-4jrs-pqdg
35
vulnerability VCID-ph25-5qgg-zfer
36
vulnerability VCID-rcmj-djgg-bqf7
37
vulnerability VCID-ser9-x7zq-dqdv
38
vulnerability VCID-te96-dz9q-z3cy
39
vulnerability VCID-tkws-gscx-pff6
40
vulnerability VCID-twb2-9ane-tfdw
41
vulnerability VCID-u5rg-89bb-wbfy
42
vulnerability VCID-u9gz-jcnn-syby
43
vulnerability VCID-vcth-rrmy-5qej
44
vulnerability VCID-w2a5-j7ew-mbet
45
vulnerability VCID-w71u-16bg-nke4
46
vulnerability VCID-whty-vwsm-t7gt
47
vulnerability VCID-xftu-6k5q-7ub6
48
vulnerability VCID-xvs7-58y1-3ybj
49
vulnerability VCID-y38f-84j9-fygf
50
vulnerability VCID-zc53-8p5g-2kcv
51
vulnerability VCID-zkm4-bz55-9bb8
52
vulnerability VCID-zn2s-8c79-x7h3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.53
aliases CVE-2023-33941, GHSA-mvfv-w3fq-xp67
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s59m-uwgm-d7ed
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.liferay.portal/release.portal.bom@7.4.3.53