Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

CMS

Liferay Portal

Liferay Portal is the worlds leading enterprise open source portal framework offering integrated Web publishing and content management an enterprise service bus and service-oriented architecture and compatibility with all major IT infrastructure.

Official Site:

https://www.liferay.com/downloads-community

Severity Summary:

Critical: 6 High: 46 Medium: 231 Low: 2
Reference
Title
Severity
CVE-2022-38512
Liferay Portal Missing Authorization Vulnerability
Medium
CVE-2024-25146
Liferay Portal Observable Discrepancy Vulnerability
Medium
CVE-2022-39975
Liferay Portal Missing Authorization Vulnerability
Medium
CVE-2025-62252
Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability
Medium
CVE-2022-28980
Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-62251
Liferay Portal Incorrect Permission Assignment for Critical Resource Vulnerability
Medium
CVE-2025-62250
Liferay Portal Origin Validation Error Vulnerability
Medium
CVE-2025-62249
Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-47798
Liferay Portal Session Fixation Vulnerability
Medium
CVE-2025-62246
Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-28979
Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-62257
Liferay Portal Improper Restriction of Excessive Authentication Attempts Vulnerability
Medium
CVE-2022-28977
Liferay Portal URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Medium
CVE-2025-62263
Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-62258
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2025-62256
Liferay Portal Missing Authorization Vulnerability
Medium
CVE-2025-62259
Liferay Portal Incorrect Authorization Vulnerability
Medium
CVE-2025-62248
Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-62247
Liferay Portal Missing Authorization Vulnerability
Medium
CVE-2025-62261
Liferay Portal Cleartext Storage of Sensitive Information Vulnerability
Medium
CVE-2025-43820
Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-43818
Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-43817
Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-62262
Liferay Portal Insertion of Sensitive Information into Log File Vulnerability
Medium
CVE-2025-62265
Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-42627
Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-62266
Liferay Portal URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Medium
CVE-2025-62264
Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-62267
Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-43815
Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium