Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

CRM

Liferay DXP

Digital Experience Platform (DXP) is an emerging category of enterprise software seeking to meet the needs of companies undergoing digital transformation with the ultimate goal of providing better customer experiences. DXPs can be a single product but are often a suite of products that work together. DXPs provide an architecture for companies to digitize business operations deliver connected customer experiences and gather actionable customer insight.

Official Site:

https://www.liferay.com/en-AU/products/dxp

Severity Summary:

Critical: 4 High: 33 Medium: 202
Reference
Title
Severity
CVE-2025-62245
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2025-43812
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-43811
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-43802
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-62247
Liferay DXP Missing Authorization Vulnerability
Medium
CVE-2025-62252
Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability
Medium
CVE-2025-43830
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-62251
Liferay DXP Incorrect Permission Assignment for Critical Resource Vulnerability
Medium
CVE-2025-62250
Liferay DXP Origin Validation Error Vulnerability
Medium
CVE-2025-62249
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-62248
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-62246
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-62259
Liferay DXP Incorrect Authorization Vulnerability
Medium
CVE-2025-62240
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-43818
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-62237
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-62255
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-15840
Liferay DXP Vulnerability
Medium
CVE-2025-43763
Liferay DXP Server-Side Request Forgery (SSRF) Vulnerability
Medium
CVE-2025-43788
Liferay DXP Missing Authorization Vulnerability
Medium
CVE-2025-43805
Liferay DXP Missing Authorization Vulnerability
Medium
CVE-2025-43803
Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability
Medium
CVE-2025-43800
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-43799
Liferay DXP Use of Default Password Vulnerability
Medium
CVE-2025-43798
Liferay DXP Missing Critical Step in Authentication Vulnerability
Medium
CVE-2025-43797
Liferay DXP Insecure Default Initialization of Resource Vulnerability
Medium
CVE-2025-43795
Liferay DXP URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Medium
CVE-2025-43794
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-43792
Liferay DXP External Control of System or Configuration Setting Vulnerability
Medium
CVE-2025-43791
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium