VYPR

Digital Experience Platform

by Liferay

Source repositories

CVEs (3)

  • CVE-2025-4655MedAug 9, 2025
    risk 0.33cvss 5.0epss 0.00

    SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92…

  • CVE-2022-38901Oct 19, 2022
    risk 0.00cvss epss 0.01

    A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file.

  • CVE-2022-38902Oct 13, 2022
    risk 0.00cvss epss 0.01

    A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic.