CVE-2025-43803

Medium CVSS: 6.9

Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote attackers to view contact information, including the contact’s name and email address, via the _com_liferay_contacts_web_portlet_ContactsCenterPortlet_entryId parameter.

Vendor

Liferay

Product

Digital Experience Platform

CWE

CWE-639

Yayın Tarihi

2025-09-19 19:15:41

Güncelleme

2025-12-16 16:38:56

Source Identifier

security@liferay.com

KEV Date Added

Kategoriler

CWE-639 Digital Experience Platform MEDIUM Liferay 2025

Referanslar

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43803

Benzer Kayıtlar

Medium

CVE-2025-62275

Blogs in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.…

Medium

CVE-2025-62276

The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported ver…

Medium

CVE-2025-62267

Multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page in Liferay Portal 7.…

Medium

CVE-2025-62264

Reflected cross-site scripting (XSS) vulnerability in Languauge Override in Liferay Portal 7.4.3.8 through 7.4.3.111, an…

Medium

CVE-2025-62265

Cross-site scripting (XSS) vulnerability in the Blogs widget in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupp…

Medium

CVE-2025-62266

By default, Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2024.Q1.1 through 20…