pkg:Maven/com.liferay.portal:release.portal.bom

159 total CVEs: CRITICAL 18, HIGH 21, MEDIUM 78

All known vulnerabilities

  • CRITICAL 9.8 CVE-2022-42122: Liferay Portal and Liferay DXP Vulnerable to SQL Injection via Friendly URL Module
    >= 7.3.7, < 7.4.0-ga1
  • CRITICAL 9.8 CVE-2019-16891: Liferay Portal Allows RCE via Deserialization of a JSON Payload
    from 0, < 7.1.1
  • CRITICAL 9.6 CVE-2024-8980: Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console
    >= 7.0.0-a1, < 7.4.3.102-GA102
  • CRITICAL 9.6 CVE-2024-26269: Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting
    >= 7.2.0, < 7.4.3.38
  • CRITICAL 9.6 CVE-2023-42498: Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting
    >= 7.4.3.8, < 7.4.3.98
  • CRITICAL 9.6 CVE-2024-25147: Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
    from 0, <= 7.4.1
  • CRITICAL 9.6 CVE-2023-42496: Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
    >= 7.3.3, < 7.4.3.98
  • CRITICAL 9.6 CVE-2024-25145: Liferay Portal stored cross-site scripting (XSS) vulnerability
    from 0, < 7.4.3.12
  • CRITICAL 9.6 CVE-2023-47797: Liferay Portal XSS with `p_l_back_url_title` on edit content page
    >= 7.4.3.94, < 7.4.3.96
  • CRITICAL 9.0 CVE-2024-38002: Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions
    >= 7.3.2-ga3, < 7.4.3.112-ga112
  • CRITICAL 9.0 CVE-2023-47795: Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting
    >= 7.4.3.18, < 7.4.3.102
  • CRITICAL 9.0 CVE-2024-26266: Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting
    from 0, < 7.4.3.14
  • CRITICAL 9.0 CVE-2024-25603: Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting
    from 0, < 7.4.3.5
  • CRITICAL 9.0 CVE-2024-25601: Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting
    from 0, <= 7.4.2
  • CRITICAL 9.0 CVE-2024-25152: Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting
    from 0, <= 7.4.2
  • CRITICAL 9.0 CVE-2024-25602: Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting
    from 0, <= 7.4.2
  • CRITICAL 9.0 CVE-2023-40191: Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
    >= 7.4.3.44, < 7.4.3.98
  • CRITICAL 9.0 CVE-2024-25610: Liferay Portal has a Stored XSS with Blog entries (Insecure defaults)
    from 0, < 7.4.3.13
  • HIGH 8.8 CVE-2024-26271: Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget
    >= 7.4.3.75, < 7.4.3.112
  • HIGH 8.8 CVE-2024-26273: Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor
    >= 7.4.0, < 7.4.3.104
  • HIGH 8.8 CVE-2024-26272: Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor
    >= 7.3.2, < 7.4.3.108
  • HIGH 8.8 CVE-2023-35030: Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module
    >= 7.4.3.70-ga70, < 7.4.3.77-ga77
  • HIGH 8.8 CVE-2021-29053: Liferay Portal and Liferay DXP Vulnerable to Multiple SQL Injections
    >= 7.3.5, < 7.3.6
  • HIGH 8.8 CVE-2020-13445: Liferay Portal and Liferay DXP Vulnerable to Arbitrary Code Execution
    from 0, < 7.3.2
  • HIGH 8.3 CVE-2020-15841: Liferay Portal and Liferay DXP Potentially Reveal LDAP Server Password via Unsafe Connection
    from 0, < 7.3.0
  • HIGH 8.1 CVE-2024-25607: Liferay Portal defaults to a low work factor for the default password hashing algorithm
    from 0, < 7.4.3.14
  • HIGH 8.1 CVE-2024-25148: Liferay Portal vulnerable to user impersonation
    >= 7.2.0, < 7.4.2
  • HIGH 8.1 CVE-2023-33945: SQL injection in Liferay Portal
    >= 7.3.1, < 7.4.3.18
  • HIGH 8.1 CVE-2020-15842: Liferay Portal and Liferay DXP have Insecure Deserialization Vulnerability
    from 0, < 7.3.0
  • HIGH 8.0 CVE-2024-25606: Liferay Portal has an XXE vulnerability in Java2WsddTask._format
    from 0, < 7.4.3.8
  • HIGH 7.5 CVE-2023-33948: Missing authorization in Liferay portal
    >= 7.4.3.67, < 7.4.3.68
  • HIGH 7.5 CVE-2022-42125: Path Traversal in Liferay Portal
    >= 7.4.3.5, < 7.4.3.48
  • HIGH 7.5 CVE-2022-42124: Inefficient Regular Expression Complexity in Liferay Portal
    >= 7.3.2, < 7.4.3.5
  • HIGH 7.5 CVE-2022-42123: Path Traversal in Liferay Portal
    >= 7.3.3, < 7.4.3.19
  • HIGH 7.5 CVE-2021-33338: Liferay Portal Layout Module and Liferay DXP Exposes the Cross-Site Request Forgery (CSRF) Token in URLs
    >= 7.1.0, < 7.3.3
  • HIGH 7.5 CVE-2021-33321: Liferay Portal and Liferay DXP insecure default configuration
    from 0, < 7.3.3
  • HIGH 7.5 CVE-2021-29047: Liferay Portal and Liferay DXP Fails to Invalidate CAPTCHA Answers After Use
    >= 7.3.4, < 7.3.6
  • HIGH 7.5 CVE-2020-24554: Open Redirect in Liferay Portal
    from 0, < 7.3.3
  • HIGH 7.2 CVE-2021-33335: Liferay Portal and Liferay DXP Has Company Administrator Accounts Vulnerable to Takeovers
    >= 7.0.3, < 7.3.5
  • MEDIUM 6.5 CVE-2024-26270: Liferay Portal and Liferay DXP vulnerable to theft of hashed password
    >= 7.4.3.76, < 7.4.3.100
  • MEDIUM 6.5 CVE-2024-25604: Liferay Portal and Liferay DXP Allows Authenticated Users with View Permissions to Edit Permissions
    >= 7.2.0, < 7.4.3.5-ga5
  • MEDIUM 6.5 CVE-2024-25143: Liferay Portal denial of service (memory consumption)
    >= 7.2.0, < 7.3.7
  • MEDIUM 6.5 CVE-2023-33950: Liferay Portal has Inefficient Regular Expression
    >= 7.4.3.48, < 7.4.3.77
  • MEDIUM 6.5 CVE-2020-13444: Liferay Portal and Liferay DXP Fails to Sanitize API Data
    >= 7.0.0, < 7.3.2
  • MEDIUM 6.4 CVE-2023-33942: Cross-site scripting in Liferay Portal
    >= 7.4.3.50, < 7.4.3.51
  • MEDIUM 6.3 CVE-2022-45320: Privilege escalation in Liferay Portal
    from 0, < 7.4.3.16
  • MEDIUM 6.3 CVE-2021-33333: Liferay Portal and Liferay DXP Fails to Check User Permissions for Workflow Submissions
    from 0, <= 7.3.2
  • MEDIUM 6.1 CVE-2025-62264: Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter
    >= 7.4.3.8, < 7.4.3.112-ga112
  • MEDIUM 6.1 CVE-2024-11993: Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
    >= 7.1.0, < 7.4.3.39
  • MEDIUM 6.1 CVE-2024-25609: Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes
    >= 7.2.0, < 7.4.3.13-ga13
  • MEDIUM 6.1 CVE-2024-25608: Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character
    >= 7.2.0, < 7.4.3.19-ga19
  • MEDIUM 6.1 CVE-2023-5190: Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page
    >= 7.4.3.45-ga45, < 7.4.3.102-ga102
  • MEDIUM 6.1 CVE-2023-3193: Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module
    >= 7.4.3.70-ga70, < 7.4.3.74-ga74
  • MEDIUM 6.1 CVE-2023-35029: Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module
    >= 7.4.3.70-ga70, < 7.4.3.77-ga77
  • MEDIUM 6.1 CVE-2023-33944: Cross-site scripting in Liferay Portal
    >= 7.3.4, < 7.4.3.69
  • MEDIUM 6.1 CVE-2023-33941: Cross-site scripting in Liferay Portal
    >= 7.4.3.41, < 7.4.3.53
  • MEDIUM 6.1 CVE-2022-28977: Liferay Portal and Liferay DXP HtmlUtil.escapeRedirect Can Be Circumvented
    >= 7.3.1-ga2, < 7.4.3.4-ga4
  • MEDIUM 6.1 CVE-2021-35463: Liferay Portal cross-site scripting (XSS) vulnerability in the Frontend Taglib module
    >= 7.4.0, < 7.4.1
  • MEDIUM 6.1 CVE-2021-33332: Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)
    >= 7.1.0, <= 7.3.2
  • MEDIUM 6.1 CVE-2021-33331: Liferay Portal and Liferay DXP Allows Arbitrary Redirect of Users to External URLs
    >= 7.0.0, <= 7.3.1
  • MEDIUM 6.1 CVE-2021-29044: Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Membership Request Admin Page
    >= 7.0.0, < 7.3.6
  • MEDIUM 6.1 CVE-2021-29048: Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in the Layout Admin Page
    >= 7.3.4, < 7.3.6
  • MEDIUM 6.1 CVE-2021-29046: Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Asset Module Parameter
  • MEDIUM 6.1 CVE-2021-29045: Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the Redirect's Admin Page
    >= 7.3.2, <= 7.3.5
  • MEDIUM 6.1 CVE-2021-29051: Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App
    >= 7.2.1, < 7.3.6
  • MEDIUM 6.1 CVE-2021-29039: Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via Categories Admin Page
    >= 7.3.4, < 7.3.5
  • MEDIUM 6.1 CVE-2020-25476: Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via User Name Parameter
    from 0, <= 7.1.3
  • MEDIUM 6.1 CVE-2017-12648: Liferay Portal XSS Vulnerability
    from 0, < 7.0.3-GA4
  • MEDIUM 6.1 CVE-2017-12647: Liferay Portal Vulnerable to XSS via a Knowledge Base Article Title
    from 0, < 7.0.3-ga4
  • MEDIUM 6.1 CVE-2017-12646: Liferay Portal XSS Vulnerability
    from 0, < 7.0.3-GA4
  • MEDIUM 6.1 CVE-2016-10404: Liferay Portal Vulnerable to XSS via a Crafted Redirect Field
    from 0, < 7.0.3-ga4
  • MEDIUM 6.1 CVE-2017-12645: Liferay Portal Vulnerable to XSS via an Invalid portletId
    from 0, < 7.0.3-ga4
  • MEDIUM 6.1 CVE-2017-12649: Liferay Portal Vulnerable to XSS via Mishandled Title or Summary in the Web Content Display
    from 0, < 7.0.3-ga4
  • MEDIUM 6.1 CVE-2017-1000425: Liferay Portal XSS vulnerability via movie parameter in the /html/portal/flash.jsp page
    from 0, < 7.1.0-a1
  • MEDIUM 5.9 CVE-2022-42132: Liferay Portal and Liferay DXP Includes LDAP Credentials in the Page URL
    >= 7.0.0, < 7.4.3.5-ga5
  • MEDIUM 5.9 CVE-2021-29043: Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password
    >= 7.0.0, < 7.3.6
  • MEDIUM 5.4 CVE-2024-25151: Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing
    from 0, < 7.4.3.4
  • MEDIUM 5.4 CVE-2024-25149: Liferay Portal and Liferay DXP Does Not Properly Restrict Membership to Child Site Based on Parent Site Options
    >= 7.2.0, < 7.4.2-ga3
  • MEDIUM 5.4 CVE-2023-47798: Liferay Portal's account lockout does not invalidate existing user sessions
    >= 7.2.0, < 7.3.1
  • MEDIUM 5.4 CVE-2023-33937: Cross-site scripting in Liferay Portal
    >= 7.1.0, < 7.3.1
  • MEDIUM 5.4 CVE-2023-33943: Cross-site scripting in Liferay Portal
    >= 7.4.3.21, < 7.4.3.63
  • MEDIUM 5.4 CVE-2023-33939: Cross-site scripting in Liferay Portal
    >= 7.1.0, < 7.4.3.13
  • MEDIUM 5.4 CVE-2021-33336: Liferay Portal Journal Module and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)
    >= 7.3.0, < 7.3.4
  • MEDIUM 5.4 CVE-2021-33328: Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Edit Vocabulary Page
    >= 7.0.0, <= 7.3.4
  • MEDIUM 5.4 CVE-2020-7934: Liferay Portal Vulnerable to Persistent Cross-Site Scripting (XSS) in MyAccountPortlet
    >= 7.1.0, < 7.3.0
  • MEDIUM 5.4 CVE-2021-38267: Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in edit blog entry page
    >= 7.3.2, < 7.3.7-ga8
  • MEDIUM 5.3 CVE-2024-26268: Liferay Portal and Liferay DXP User Enumeration Vulnerability
    >= 7.2.0, < 7.4.3.27-ga27
  • MEDIUM 5.3 CVE-2024-26267: Liferay Portal and Liferay DXP HTTP Header Can Expose Versions
    >= 7.2.0, < 7.4.3.26-ga26
  • MEDIUM 5.3 CVE-2024-25605: Liferay Portal and Liferay DXP Allows Templates to be Viewed via the UI or API
    >= 7.2.0, < 7.4.3.5-ga5
  • MEDIUM 5.3 CVE-2024-25146: Liferay Portal allows attackers to discover the existence of sites
    >= 7.2.0, < 7.4.2
  • MEDIUM 5.3 CVE-2023-33949: Insecure Default Initialization In Liferay Portal
    >= 7.0.0, < 7.3.1
  • MEDIUM 5.3 CVE-2022-42127: Incorrect Default Permissions in Liferay Portal
    >= 7.4.3.5, < 7.4.3.48
  • MEDIUM 5.3 CVE-2022-42128: Incorrect Default Permissions in Liferay Portal
    >= 7.4.1, < 7.4.3.5
  • MEDIUM 5.3 CVE-2022-41414: Liferay Portal Insecure Default Configuration in auth.login.prompt.enabled
    >= 7.0.0-a1, < 7.4.2-ga3
  • MEDIUM 5.3 CVE-2021-29040: Liferay Portal and Liferay DXP Reveals Data via Overly Verbose Error Messages
    from 0, < 7.3.5
  • MEDIUM 5.3 CVE-2020-15840: Liferay Portal and Liferay DXP Bypass via Double Encoded URL
    from 0, < 7.3.1
  • MEDIUM 5.0 CVE-2024-26265: Liferay Portal vulnerable to Denial of Service
    from 0, < 7.4.3.16
  • MEDIUM 4.9 CVE-2021-33325: Liferay Portal and Liferay DXP Stores User Passwords in Cleartext
    >= 7.3.0, <= 7.3.2
  • MEDIUM 4.8 CVE-2023-37940: Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page
    >= 7.0.0, < 7.4.3.88
  • MEDIUM 4.8 CVE-2023-33940: Cross-site scripting in Liferay Portal
    >= 7.4.0, < 7.4.3.31
  • MEDIUM 4.8 CVE-2023-33938: Cross-site scripting in Liferay Portal
    >= 7.3.0, < 7.4.1
  • MEDIUM 4.8 CVE-2022-42131: Improper Certificate Validation in Liferay Portal
    >= 7.1.0, < 7.4.3.4
  • MEDIUM 4.8 CVE-2021-33339: Liferay Portal Fragment Module and Liferay DXP Vulnerable to Cross-Site Scripting
    >= 7.2.1, < 7.3.5
  • MEDIUM 4.7 CVE-2019-6588: Liferay Portal Allows Cross-Site Scripting (XSS) via the SimpleCaptcha API
    from 0, < 7.1.0
  • MEDIUM 4.3 CVE-2024-25150: Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel
    >= 7.2.0, < 7.4.3.4-ga4
  • MEDIUM 4.3 CVE-2023-33946: Liferay portal unauthorized access to objects via OAuth 2 scope
    >= 7.4.3.4, < 7.4.3.49
  • MEDIUM 4.3 CVE-2023-33947: Liferay portal has unauthorized access to object definition via search
    >= 7.4.3.4, < 7.4.3.61
  • MEDIUM 4.3 CVE-2022-42126: Missing permissions check in Liferay Portal
    >= 7.3.5, < 7.4.3.48
  • MEDIUM 4.3 CVE-2022-42129: Authorization Bypass in Liferay Portal
    >= 7.3.2, < 7.4.3.5
  • MEDIUM 4.3 CVE-2022-42130: Incorrect Default Permissions in Liferay Portal
    >= 7.1.0, < 7.4.3.5
  • MEDIUM 4.3 CVE-2022-39975: Liferay Portal Missing Authorization vulnerability
    >= 7.3.3, < 7.4.3.35
  • MEDIUM 4.3 CVE-2021-33330: Exposure of Resource to Wrong Sphere in Liferay Portal
    >= 7.2.0, < 7.3.3
  • MEDIUM 4.3 CVE-2021-33324: Liferay Portal and Liferay DXP Don't Check Permissions of Pages
    >= 7.1.0, < 7.3.2
  • MEDIUM 4.3 CVE-2021-33334: Liferay Portal and Liferay DXP Fails to Properly Check User Permissions
    >= 7.0.0, <= 7.3.2
  • MEDIUM 4.3 CVE-2021-29052: Liferay Portal and Liferay DXP Fails to Check Permissions
    >= 7.3.0, <= 7.3.5
  • MEDIUM 4.3 CVE-2022-26595: Liferay Portal and Liferay DXP fails to check permissions to view sites/groups
  • MEDIUM 4.1 CVE-2024-25144: Liferay Portal denial-of-service vulnerability
    >= 7.2.0, < 7.4.3.27
  • CVE-2025-62265: Liferay Portal is vulnerable to XSS in the Blogs widget
    >= 7.4.0-ga1, < 7.4.3.112-ga112
  • CVE-2025-62266: Liferay Portal is vulnerable to DNS rebinding attacks
    >= 7.4.0-ga1, < 7.4.3.110
  • CVE-2025-62257: Liferay Portal vulnerable to password enumeration
    >= 7.4.0-ga1, < 7.4.3.120
  • CVE-2025-62259: Liferay Portal Does Not Limit Access to APIs Before Email Verification
    >= 7.4.0-ga1, < 7.4.3.110
  • CVE-2025-62258: Liferay Portal Vulnerable to CSRF in Headless APIs
    >= 7.4.0-ga1, < 7.4.3.108
  • CVE-2025-62260: Liferay Portal Vulnerable to DoS via Crafted Headless API Request
    >= 7.4.0-ga1, < 7.4.3.100
  • CVE-2025-62261: Liferay Portal Stores Password Reset Tokens in Plain Text
    >= 7.4.0-ga1, < 7.4.3.100
  • CVE-2025-43830: Liferay Portal is vulnerable to Stored XSS through Forms text type field
    >= 7.3.2, < 7.4.3.112-ga112
  • CVE-2025-43823: Liferay Portal is vulnerable to XSS through its Commerce Search Result widget
    >= 7.4.0, < 7.4.3.112-ga112
  • CVE-2025-43822: Liferay Portal has multiple Stored XSS vulnerabilities on its View Order page
    >= 7.4.3.15, < 7.4.3.112-ga112
  • CVE-2025-43824: Liferay Profile Widget does not prevent vCard extension spoofing
    >= 7.4.0-ga1, < 7.4.3.112-ga112
  • CVE-2025-43826: Liferay Portal Vulnerable to XSS in Web Content translation
    >= 7.4.0-ga1, < 7.4.3.113-ga113
  • CVE-2025-43817: Liferay Portal vulnerable to reflected cross-site scripting via the `redirect` parameter
    >= 7.4.3.74-ga74, < 7.4.3.112-ga112
  • CVE-2025-43820: Liferay Portal vulnerable to cross-site scripting in the Calendar widget
    >= 7.4.3.35-ga35, < 7.4.3.111-ga111
  • CVE-2025-43813: Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet
    >= 7.4.0-ga1, < 7.4.3.108-ga108
  • CVE-2025-43812: Liferay Portal vulnerable to cross-site scripting in the web content template
    >= 7.4.3.4-ga4, < 7.4.3.112-ga112
  • CVE-2025-43799: Liferay Portal Uses Default Password
    >= 7.4.0, < 7.4.3.112
  • CVE-2025-43785: Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting
    >= 7.4.3.45, < 7.4.3.129
  • CVE-2025-43776: Liferay Portal and Liferay DXP vulnerable to store Cross-site Scripting
    >= 7.4.0, <= 7.4.3.132
  • CVE-2025-43760: Liferay Portal Reflected Cross-Site Scripting Vulnerability via PortalUtil.escapeRedirect
    >= 7.4.0-ga1, <= 7.4.3.132-ga132
  • CVE-2025-43752: Liferay Portal's Unlimited File Upload Could Result in DoS
    >= 7.4.0-ga1, <= 7.4.3.132-ga132
  • CVE-2025-43754: Liferay Portal Username Enumeration Vulnerability
    >= 7.4.0-ga1, <= 7.4.3.132-ga132
  • CVE-2025-43756: Liferay Portal Reflected Cross-Site Scripting Vulnerability via snippet Parameter
  • CVE-2025-43757: Liferay Portal Vulnerable to Cross-Site Scripting via DDMPortlet_definition Parameter
    >= 7.4.0-ga1, <= 7.4.3.132-ga132
  • CVE-2025-43746: Liferay Portal Vulnerable to Cross-Site Scripting in Dynamic Data Mapping
    >= 7.4.0-ga1, <= 7.4.3.132-ga132
  • CVE-2025-43748: Liferay Portal Vulnerable to Cross-Site Request Forgery
    >= 7.0.0-a1, < 7.4.3.120-ga120
  • CVE-2025-43749: Liferay Portal Unauthenticated File Access via URL
    >= 7.4.0-ga1, <= 7.4.3.132-ga132
  • CVE-2025-43741: Liferay Portal Vulnerable to Cross-Site Scripting via assetTagNames Parameter
    >= 7.4.0-ga1, <= 7.4.3.132-ga132
  • CVE-2025-43744: Liferay Portal Vulnerable to Cross-Site Scripting via DDM Structure Field Labels
    >= 7.4.0-ga1, <= 7.4.3.132-ga132
  • CVE-2025-43743: Liferay Portal Enumeration Discrepancy in Calendars
    >= 7.4.0-ga1, <= 7.4.3.132-ga132
  • CVE-2025-43745: Liferay Portal CSRF Vulnerability via Endpoint Parameter
    >= 7.4.0-ga1, <= 7.4.3.132-ga132
  • CVE-2025-43740: Liferay Portal has Stored Cross-Site Scripting Vulnerability via Message Boards Feature
    >= 7.4.3.120-ga120, <= 7.4.3.132-ga23
  • CVE-2025-43731: Liferay Portal Vulnerable to Cross-Site Scripting
    >= 7.4.0-ga1, <= 7.4.3.132-ga132
  • CVE-2025-3639: Liferay Portal Login Bypass Vulnerability
    >= 7.3.0-ga1, <= 7.4.3.132-ga132
  • CVE-2025-43734: Liferay Portal 7.4.0 and Liferay DXP have a reflected cross-site scripting (XSS) vulnerability
    >= 7.4.0, <= 7.4.3.132
  • CVE-2025-43735: Liferay Portal and Liferay DXP have a reflected cross-site scripting vulnerability
    >= 7.4.0, < 7.4.3.132
  • CVE-2025-43736: Liferay Portal and Liferay DXP have a Denial Of Service via File Upload (DOS) vulnerability
    >= 7.4.3.0, <= 7.4.3.132
  • CVE-2025-4581: Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery
    >= 7.4.0, <= 7.4.3.132
  • CVE-2025-4655: Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery
    >= 7.4.0, <= 7.4.3.132
  • CVE-2025-3760: Liferay Cross-site Scripting vulnerability
    >= 7.2.0, < 7.4.3.132
  • CVE-2025-2565: Liferay Portal and Liferay DXP Reveals Data via Forms
    >= 7.4.0, < 7.4.3.129
  • CVE-2025-2536: Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)
    >= 7.4.3.82, < 7.4.3.129