Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay digital experience platform 7.2 vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-42628
Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 up to and including 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and previous versions, 7.2 fix pack 20 and previous versions, 7.3 update 33 and previous versions,...
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.0
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
7.5
CVSSv3
CVE-2023-33949
In Liferay Portal 7.3.0 and previous versions, and Liferay DXP 7.2 and previous versions the default configuration does not require users to verify their email address, which allows remote malicious users to create accounts using fake email addresses or email addresses which they...
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.0
Liferay Liferay Portal
5.4
CVSSv3
CVE-2023-33939
Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 up to and including 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote malicious users to inject arbitra...
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
5.4
CVSSv3
CVE-2023-33937
Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 up to and including 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote malicious users to inject arbitrary web script or HTML via a crafted pay...
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Liferay Portal
4.3
CVSSv3
CVE-2022-42130
The Dynamic Data Mapping module in Liferay Portal 7.1.0 up to and including 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view...
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
4.8
CVSSv3
CVE-2022-42131
Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 up to and including 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before s...
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Liferay Portal
Liferay Digital Experience Platform 7.3
5.9
CVSSv3
CVE-2022-42132
The Test LDAP Users functionality in Liferay Portal 7.0.0 up to and including 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and previous versions, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when pag...
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.0
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
7.5
CVSSv3
CVE-2022-42124
ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 up to and including 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote malicious users to consume an excessive amount of server resource...
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.3
Liferay Liferay Portal
Liferay Digital Experience Platform 7.4
6.1
CVSSv3
CVE-2022-26596
Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 up to and including 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote malicious users to ...
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.0
Liferay Liferay Portal
4.3
CVSSv3
CVE-2022-26595
Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment U...
Liferay Liferay Portal 7.4.0
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.3
Liferay Liferay Portal 7.4.1
Liferay Liferay Portal 7.3.7
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »