Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

CRM

Liferay DXP

Digital Experience Platform (DXP) is an emerging category of enterprise software seeking to meet the needs of companies undergoing digital transformation with the ultimate goal of providing better customer experiences. DXPs can be a single product but are often a suite of products that work together. DXPs provide an architecture for companies to digitize business operations deliver connected customer experiences and gather actionable customer insight.

Official Site:

https://www.liferay.com/en-AU/products/dxp

Severity Summary:

Critical: 4 High: 33 Medium: 202
Reference
Title
Severity
CVE-2025-3594
Liferay DXP Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Critical
CVE-2025-43773
Liferay DXP Missing Authorization Vulnerability
Critical
CVE-2025-43766
Liferay DXP Unrestricted Upload of File with Dangerous Type Vulnerability
Critical
CVE-2022-42120
Liferay DXP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2023-33949
Liferay DXP Insecure Default Initialization of Resource Vulnerability
High
CVE-2021-33321
Liferay DXP Weak Password Recovery Mechanism for Forgotten Password Vulnerability
High
CVE-2025-43813
Liferay DXP Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2021-38266
Liferay DXP Vulnerability
High
CVE-2024-26273
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2025-43816
Liferay DXP Missing Release of Memory after Effective Lifetime Vulnerability
High
CVE-2022-42121
Liferay DXP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2022-42123
Liferay DXP Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2025-4581
Liferay DXP Server-Side Request Forgery (SSRF) Vulnerability
High
CVE-2022-42124
Liferay DXP Inefficient Regular Expression Complexity Vulnerability
High
CVE-2023-33945
Liferay DXP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2021-33323
Liferay DXP Cleartext Storage of Sensitive Information Vulnerability
High
CVE-2025-43801
Liferay DXP Unchecked Input for Loop Condition Vulnerability
High
CVE-2025-3586
Liferay DXP Incorrect Authorization Vulnerability
High
CVE-2025-43768
Liferay DXP Insertion of Sensitive Information Into Sent Data Vulnerability
High
CVE-2024-25148
Liferay DXP Vulnerability
High
CVE-2024-25607
Liferay DXP Use of Password Hash With Insufficient Computational Effort Vulnerability
High
CVE-2024-25606
Liferay DXP Improper Restriction of XML External Entity Reference Vulnerability
High
CVE-2024-38002
Liferay DXP Incorrect Authorization Vulnerability
High
CVE-2024-26272
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2021-33322
Liferay DXP Insufficient Session Expiration Vulnerability
High
CVE-2024-26271
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2025-43796
Liferay DXP Uncontrolled Resource Consumption Vulnerability
High
CVE-2020-15841
Liferay DXP Insufficiently Protected Credentials Vulnerability
High
CVE-2025-62254
Liferay DXP Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2025-43793
Liferay DXP Improper Validation of Specified Quantity in Input Vulnerability
High