VYPR

Maven package

com.liferay/com.liferay.portal.workflow.kaleo.designer.web

pkg:maven/com.liferay/com.liferay.portal.workflow.kaleo.designer.web

Vulnerabilities (2)

  • CVE-2025-62239Oct 10, 2025
    affected >= 5.0.56, < 5.0.124fixed 5.0.124

    Cross-site scripting (XSS) vulnerability in workflow process builder in Liferay Portal 7.4.3.21 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 21 through update 92 allows remote authenticated attackers to inject arbitra

  • CVE-2025-43764Aug 23, 2025
    affected < 5.0.145fixed 5.0.145

    Self-ReDoS (Regular expression Denial of Service) exists with Role Name search field of Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.1, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1