VYPR

Maven package

com.liferay/com.liferay.change.tracking.web

pkg:maven/com.liferay/com.liferay.change.tracking.web

Vulnerabilities (4)

  • CVE-2025-62242Oct 13, 2025
    affected < 2.0.120fixed 2.0.120

    Insecure Direct Object Reference (IDOR) vulnerability with account addresses in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to from one account t

  • CVE-2025-62243Oct 13, 2025
    affected < 2.0.122fixed 2.0.122

    Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication commen

  • CVE-2025-62244Oct 13, 2025
    affected < 2.0.122fixed 2.0.122

    Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92, and 7.3 GA through update 36 allows remote authenticated attack

  • CVE-2025-62245Oct 10, 2025
    affected >= 2.0.9, < 2.0.121fixed 2.0.121

    Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments.