CRM

Liferay DXP

Digital Experience Platform (DXP) is an emerging category of enterprise software seeking to meet the needs of companies undergoing digital transformation with the ultimate goal of providing better customer experiences. DXPs can be a single product but are often a suite of products that work together. DXPs provide an architecture for companies to digitize business operations deliver connected customer experiences and gather actionable customer insight.

Official Site:

https://www.liferay.com/en-AU/products/dxp

Severity Summary:

Critical: 4 High: 33 Medium: 202

Reference

Title

Severity

CVE-2025-43787

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43808

Liferay DXP Incorrect Permission Assignment for Critical Resource Vulnerability

Medium

CVE-2025-43786

Liferay DXP Observable Discrepancy Vulnerability

Medium

CVE-2025-43785

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43784

Liferay DXP Incorrect Authorization Vulnerability

Medium

CVE-2025-43783

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43782

Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability

Medium

CVE-2025-43781

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43779

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43776

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43775

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-4655

Liferay DXP Server-Side Request Forgery (SSRF) Vulnerability

Medium

CVE-2025-43807

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43809

Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability

Medium

CVE-2025-43762

Liferay DXP Allocation of Resources Without Limits or Throttling Vulnerability

Medium

CVE-2025-4604

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43761

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43757

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43756

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43755

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43754

Liferay DXP Observable Timing Discrepancy Vulnerability

Medium

CVE-2025-43747

Liferay DXP Server-Side Request Forgery (SSRF) Vulnerability

Medium

CVE-2025-43746

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-62266

Liferay DXP URL Redirection to Untrusted Site (Open Redirect) Vulnerability

Medium

CVE-2025-62244

Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability

Medium

CVE-2025-62243

Liferay DXP Incorrect Authorization Vulnerability

Medium

CVE-2025-4599

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43819

Liferay DXP Insufficient Session Expiration Vulnerability

Medium

CVE-2025-4576

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2025-43829

Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium