Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

CMS

Liferay Portal

Liferay Portal is the worlds leading enterprise open source portal framework offering integrated Web publishing and content management an enterprise service bus and service-oriented architecture and compatibility with all major IT infrastructure.

Official Site:

https://www.liferay.com/downloads-community

Severity Summary:

Critical: 6 High: 46 Medium: 231 Low: 2
Reference
Title
Severity
CVE-2022-42120
Liferay Portal Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2022-42122
Liferay Portal Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2025-43773
Liferay Portal Missing Authorization Vulnerability
Critical
CVE-2020-7961
Liferay Portal Deserialization of Untrusted Data Vulnerability
Critical
CVE-2025-43766
Liferay Portal Unrestricted Upload of File with Dangerous Type Vulnerability
Critical
CVE-2025-3594
Liferay Portal Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Critical
CVE-2024-25607
Liferay Portal Use of Password Hash With Insufficient Computational Effort Vulnerability
High
CVE-2024-26272
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2021-33335
Liferay Portal Incorrect Authorization Vulnerability
High
CVE-2022-42124
Liferay Portal Inefficient Regular Expression Complexity Vulnerability
High
CVE-2025-43813
Liferay Portal Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2019-16891
Liferay Portal Deserialization of Untrusted Data Vulnerability
High
CVE-2024-25606
Liferay Portal Improper Restriction of XML External Entity Reference Vulnerability
High
CVE-2023-35030
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2023-33949
Liferay Portal Insecure Default Initialization of Resource Vulnerability
High
CVE-2023-33950
Liferay Portal Inefficient Regular Expression Complexity Vulnerability
High
CVE-2025-4581
Liferay Portal Server-Side Request Forgery (SSRF) Vulnerability
High
CVE-2020-28884
Liferay Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability
High
CVE-2025-62254
Liferay Portal Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2023-33945
Liferay Portal Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2021-33321
Liferay Portal Weak Password Recovery Mechanism for Forgotten Password Vulnerability
High
CVE-2025-3586
Liferay Portal Incorrect Authorization Vulnerability
High
CVE-2024-25148
Liferay Portal Vulnerability
High
CVE-2020-15842
Liferay Portal Deserialization of Untrusted Data Vulnerability
High
CVE-2020-13445
Liferay Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2019-11444
Liferay Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability
High
CVE-2025-43801
Liferay Portal Unchecked Input for Loop Condition Vulnerability
High
CVE-2020-24554
Liferay Portal URL Redirection to Untrusted Site (Open Redirect) Vulnerability
High
CVE-2025-43768
Liferay Portal Insertion of Sensitive Information Into Sent Data Vulnerability
High
CVE-2022-42125
Liferay Portal Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High