VYPR

Maven package

com.liferay/com.liferay.portal.workflow.kaleo.forms.web

pkg:maven/com.liferay/com.liferay.portal.workflow.kaleo.forms.web

Vulnerabilities (2)

  • CVE-2025-43778Sep 9, 2025
    affected >= 5.0.3, < 5.0.107fixed 5.0.107

    A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.11, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 20

  • CVE-2025-43772HigSep 4, 2025
    affected < 5.0.29fixed 5.0.29

    Kaleo Forms Admin in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 27, and older unsupported versions does not restrict the saving of request parameters in the portlet session, which allows remote attackers to consume system memory leading to