Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay liferay portal 7.4.0 vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2022-26597
Cross-site scripting (XSS) vulnerability in the Layout module's Open Graph integration in Liferay Portal 7.3.0 up to and including 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote malicious users to inject arbitrary web script or HTML via the site name.
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform
Liferay Liferay Portal
383
VMScore
CVE-2022-26594
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 up to and including 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote malicious users to inject arbitrary web script or HTML via a form field's help text to (1) Forms module's form b...
Liferay Liferay Portal
Liferay Liferay Portal 7.4.0
383
VMScore
CVE-2021-38264
Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote malicious users to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter. This issue is caused by an incomplete fix...
Liferay Liferay Portal 7.4.0
Liferay Liferay Portal 7.4.1
383
VMScore
CVE-2021-35463
Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote malicious users to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter.
Liferay Liferay Portal 7.4.0
356
VMScore
CVE-2022-26595
Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment U...
Liferay Liferay Portal 7.4.0
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.3
Liferay Liferay Portal 7.4.1
Liferay Liferay Portal 7.3.7
312
VMScore
CVE-2022-26593
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 up to and including 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote malicious users to inject arbitrary web script or HTML via the name of a asset ...
Liferay Liferay Portal 7.4.0
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform
Liferay Liferay Portal
312
VMScore
CVE-2021-38269
Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 up to and including 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote malicious users to inject arbitrary web script or...
Liferay Liferay Portal 7.4.0
Liferay Liferay Portal
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.3
NA
CVE-2023-33938
Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 up to and including 7.4.0, and Liferay DXP 7.3 before update 14 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload ...
Liferay Digital Experience Platform 7.3
Liferay Liferay Portal
NA
CVE-2023-33940
Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 up to and including 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote malicious users to inject arbitrary web script or HTML via the Remote App's IFrame URL.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2022-42114
A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 up to and including 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote malicious users to inject arbitrary web script or HTML.
Liferay Dxp 7.4
Liferay Dxp
Liferay Liferay Portal
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »