Liferay Digital_experience_platform
264 CVEs affecting Liferay Digital_experience_platform. Latest disclosed: 2025-11-01. Critical: 25, High: 29.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-43766 | Critical | 9.8 | 2025-08-23 | The Liferay Portal 7.4.0 through 7.3.3.131, and Liferay DXP 2024.Q4.0, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12… |
CVE-2025-3594 | Critical | 9.8 | 2025-06-16 | Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through u… |
CVE-2024-8980 | Critical | 9.6 | 2024-10-22 | The Script Console in Liferay Portal 7.0.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35… |
CVE-2024-26269 | Critical | 9.6 | 2024-02-21 | Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38… |
CVE-2023-42498 | Critical | 9.6 | 2024-02-21 | Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 bef… |
CVE-2023-42496 | Critical | 9.6 | 2024-02-21 | Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before… |
CVE-2024-25147 | Critical | 9.6 | 2024-02-21 | Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 be… |
CVE-2024-25145 | Critical | 9.6 | 2024-02-07 | Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported… |
CVE-2023-42627 | Critical | 9.6 | 2023-10-17 | Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP 7.3 update 33 and e… |
CVE-2023-44311 | Critical | 9.6 | 2023-10-17 | Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7… |
CVE-2023-42497 | Critical | 9.6 | 2023-10-17 | Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before up… |
CVE-2025-43773 | Critical | 9.1 | 2025-08-29 | Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 20… |
CVE-2024-38002 | Critical | 9.0 | 2024-10-22 | The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through upda… |
CVE-2023-47795 | Critical | 9.0 | 2024-02-21 | Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before p… |
CVE-2024-26266 | Critical | 9.0 | 2024-02-21 | Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before… |
CVE-2024-25603 | Critical | 9.0 | 2024-02-21 | Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported ver… |
CVE-2023-40191 | Critical | 9.0 | 2024-02-21 | Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 b… |
CVE-2024-25602 | Critical | 9.0 | 2024-02-21 | Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, a… |
CVE-2024-25601 | Critical | 9.0 | 2024-02-21 | Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported vers… |
CVE-2024-25152 | Critical | 9.0 | 2024-02-21 | Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP… |