| CVE |
Severity |
CVSS |
Risk |
Published |
Description |
Impact |
| CVE-2020-7961 |
unknown |
— |
1.5 |
4y ago |
Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services. |
|
| CVE-2025-43792 |
unknown |
— |
— |
8mo ago |
Liferay Portal has External Control of System or Configuration Settings |
|
| CVE-2025-43793 |
unknown |
— |
— |
8mo ago |
Liferay Portal has Improper Validation of Specified Quantity in Input |
|
| CVE-2025-43770 |
unknown |
— |
— |
9mo ago |
Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter |
|
| CVE-2025-3526 |
unknown |
— |
— |
1y ago |
Liferay Portal SessionClicks does not restrict the saving of request parameters in the HTTP session |
|
| CVE-2024-25607 |
unknown |
— |
— |
2y ago |
Liferay Portal defaults to a low work factor for the default password hashing algorithm |
|