Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

CRM

Liferay DXP

Digital Experience Platform (DXP) is an emerging category of enterprise software seeking to meet the needs of companies undergoing digital transformation with the ultimate goal of providing better customer experiences. DXPs can be a single product but are often a suite of products that work together. DXPs provide an architecture for companies to digitize business operations deliver connected customer experiences and gather actionable customer insight.

Official Site:

https://www.liferay.com/en-AU/products/dxp

Severity Summary:

Critical: 4 High: 33 Medium: 202
Reference
Title
Severity
CVE-2021-33338
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2020-15842
Liferay DXP Deserialization of Untrusted Data Vulnerability
High
CVE-2021-29053
Liferay DXP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2021-29047
Liferay DXP Improper Authentication Vulnerability
High
CVE-2025-62260
Liferay DXP Uncontrolled Resource Consumption Vulnerability
High
CVE-2025-43790
Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability
High
CVE-2021-33335
Liferay DXP Incorrect Authorization Vulnerability
High
CVE-2025-43770
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-62256
Liferay DXP Missing Authorization Vulnerability
Medium
CVE-2025-43806
Liferay DXP Incorrect Authorization Vulnerability
Medium
CVE-2025-43778
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-43777
Liferay DXP Generation of Error Message Containing Sensitive Information Vulnerability
Medium
CVE-2025-62258
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2025-62257
Liferay DXP Improper Restriction of Excessive Authentication Attempts Vulnerability
Medium
CVE-2025-43769
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-43810
Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability
Medium
CVE-2025-43767
Liferay DXP URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Medium
CVE-2025-62261
Liferay DXP Cleartext Storage of Sensitive Information Vulnerability
Medium
CVE-2025-43765
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-43764
Liferay DXP Inefficient Regular Expression Complexity Vulnerability
Medium
CVE-2025-62262
Liferay DXP Insertion of Sensitive Information into Log File Vulnerability
Medium
CVE-2025-62263
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-62241
Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability
Medium
CVE-2025-62238
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-43814
Liferay DXP Insertion of Sensitive Information Into Sent Data Vulnerability
Medium
CVE-2025-62253
Liferay DXP URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Medium
CVE-2025-43817
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-43820
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-62239
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-43815
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium