com.liferay.portal:release.dxp.bom vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2025-43785Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP vulnerable to Stored Cross-site ScriptingCVE-2025-43776Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP vulnerable to store Cross-site ScriptingCVE-2025-43734Mediumcom.liferay.portal:release.portal.bom: Liferay Portal 7.4.0 and Liferay DXP have a reflected cross-site scripting (XSS) vulnerabilityCVE-2025-43735Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP have a reflected cross-site scripting vulnerabilityCVE-2025-43736Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP have a Denial Of Service via File Upload (DOS) vulnerabilityCVE-2025-4581Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP vulnerable to Server-Side Request ForgeryCVE-2025-4655Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP vulnerable to Server-Side Request ForgeryCVE-2025-3760Mediumcom.liferay.portal:release.portal.bom: Liferay Cross-site Scripting vulnerabilityCVE-2025-2565Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Reveals Data via FormsCVE-2025-2536Mediumcom.liferay.portal:release.dxp.bom: Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)CVE-2023-37940Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy pageCVE-2024-11993Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP vulnerable to Cross-site ScriptingCVE-2024-26271Highcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account WidgetCVE-2024-38002Criticalcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Workflow Component Does Not Check User PermissionsCVE-2024-26273Highcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page EditorCVE-2024-26272Highcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page EditorCVE-2024-8980Criticalcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script ConsoleCVE-2023-47795Criticalcom.liferay.portal:release.portal.bom: Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site ScriptingCVE-2024-25151Mediumcom.liferay.portal:release.portal.bom: Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofingCVE-2024-26269Criticalcom.liferay.portal:release.portal.bom: Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site ScriptingCVE-2024-25603Criticalcom.liferay.portal:release.portal.bom: Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site ScriptingCVE-2024-26266Criticalcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP vulnerable to stored Cross-site ScriptingCVE-2024-25601Criticalcom.liferay.portal:release.portal.bom: Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site ScriptingCVE-2024-25152Criticalcom.liferay.portal:release.portal.bom: Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site ScriptingCVE-2024-25147Criticalcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting

Stop the waste.
Protect your environment with Kodem.