Vulnerability Database

308,485

Total vulnerabilities in the database

CVE-2025-62261

Liferay Portal 7.4.0 through 7.4.3.99, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 34, and older unsupported versions stores password reset tokens in plain text, which allows attackers with access to the database to obtain the token, reset a user’s password and take over the user’s account.

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
Maven icon com.liferay.portal / release.portal.bom 7.4.0-ga1 7.4.3.100
Maven icon com.liferay.portal / com.liferay.portal.impl - 92.0.2
liferay / digital_experience_platform 7.3 7.3.x
liferay / digital_experience_platform 7.3-fix_pack_1 7.3-fix_pack_1.x
liferay / digital_experience_platform 7.3-fix_pack_2 7.3-fix_pack_2.x
liferay / digital_experience_platform 7.3-service_pack_1 7.3-service_pack_1.x
liferay / digital_experience_platform 7.3-service_pack_2 7.3-service_pack_2.x
liferay / digital_experience_platform 7.3-service_pack_3 7.3-service_pack_3.x
liferay / digital_experience_platform 7.3-update1 7.3-update1.x
liferay / digital_experience_platform 7.3-update10 7.3-update10.x
liferay / digital_experience_platform 7.3-update11 7.3-update11.x
liferay / digital_experience_platform 7.3-update12 7.3-update12.x
liferay / digital_experience_platform 7.3-update13 7.3-update13.x
liferay / digital_experience_platform 7.3-update14 7.3-update14.x
liferay / digital_experience_platform 7.3-update15 7.3-update15.x
liferay / digital_experience_platform 7.3-update16 7.3-update16.x
liferay / digital_experience_platform 7.3-update17 7.3-update17.x
liferay / digital_experience_platform 7.3-update18 7.3-update18.x
liferay / digital_experience_platform 7.3-update19 7.3-update19.x
liferay / digital_experience_platform 7.3-update2 7.3-update2.x
liferay / digital_experience_platform 7.3-update20 7.3-update20.x
liferay / digital_experience_platform 7.3-update21 7.3-update21.x
liferay / digital_experience_platform 7.3-update22 7.3-update22.x
liferay / digital_experience_platform 7.3-update23 7.3-update23.x
liferay / digital_experience_platform 7.3-update24 7.3-update24.x
liferay / digital_experience_platform 7.3-update25 7.3-update25.x
liferay / digital_experience_platform 7.3-update26 7.3-update26.x
liferay / digital_experience_platform 7.3-update27 7.3-update27.x
liferay / digital_experience_platform 7.3-update28 7.3-update28.x
liferay / digital_experience_platform 7.3-update29 7.3-update29.x
liferay / digital_experience_platform 7.3-update3 7.3-update3.x
liferay / digital_experience_platform 7.3-update30 7.3-update30.x
liferay / digital_experience_platform 7.3-update31 7.3-update31.x
liferay / digital_experience_platform 7.3-update32 7.3-update32.x
liferay / digital_experience_platform 7.3-update33 7.3-update33.x
liferay / digital_experience_platform 7.3-update34 7.3-update34.x
liferay / digital_experience_platform 7.3-update4 7.3-update4.x
liferay / digital_experience_platform 7.3-update5 7.3-update5.x
liferay / digital_experience_platform 7.3-update6 7.3-update6.x
liferay / digital_experience_platform 7.3-update7 7.3-update7.x
liferay / digital_experience_platform 7.3-update8 7.3-update8.x
liferay / digital_experience_platform 7.3-update9 7.3-update9.x
liferay / digital_experience_platform 7.4 7.4.x
liferay / digital_experience_platform 2023.q3.1 2023.q3.1.x
liferay / digital_experience_platform 2023.q3.2 2023.q3.2.x
liferay / digital_experience_platform 2023.q3.3 2023.q3.3.x
liferay / digital_experience_platform 2023.q3.4 2023.q3.4.x
liferay / liferay_portal 7.0.0 7.4.3.100