CMS

Liferay Portal

Liferay Portal is the worlds leading enterprise open source portal framework offering integrated Web publishing and content management an enterprise service bus and service-oriented architecture and compatibility with all major IT infrastructure.

Official Site:

https://www.liferay.com/downloads-community

Severity Summary:

Critical: 6 High: 46 Medium: 231 Low: 2

Reference

Title

Severity

CVE-2025-43782

Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability

Medium

CVE-2025-43781

Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43779

Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43776

Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43775

Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43771

Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-4655

Liferay Portal Server-Side Request Forgery (SSRF) Vulnerability

Medium

CVE-2025-43822

Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43824

Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-62237

Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43761

Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43830

Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43814

Liferay Portal Insertion of Sensitive Information Into Sent Data Vulnerability

Medium

CVE-2025-43810

Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability

Medium

CVE-2025-43806

Liferay Portal Incorrect Authorization Vulnerability

Medium

CVE-2025-43778

Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43777

Liferay Portal Generation of Error Message Containing Sensitive Information Vulnerability

Medium

CVE-2025-43770

Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43769

Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43767

Liferay Portal URL Redirection to Untrusted Site (Open Redirect) Vulnerability

Medium

CVE-2025-43765

Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43763

Liferay Portal Server-Side Request Forgery (SSRF) Vulnerability

Medium

CVE-2025-43762

Liferay Portal Allocation of Resources Without Limits or Throttling Vulnerability

Medium

CVE-2025-43757

Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43825

Liferay Portal Insertion of Sensitive Information Into Sent Data Vulnerability

Medium

CVE-2025-43756

Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43755

Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43754

Liferay Portal Observable Timing Discrepancy Vulnerability

Medium

CVE-2025-43746

Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-62243

Liferay Portal Incorrect Authorization Vulnerability

Medium