Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay digital experience platform 7.4 vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2023-33945
SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 up to and including 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows malicious users to execute arbitrary SQL commands via the name of a database table's p...
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
7.5
CVSSv3
CVE-2023-33950
Pattern Redirects in Liferay Portal 7.4.3.48 up to and including 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote malicious users to consume an excessive amount of server...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
7.5
CVSSv3
CVE-2023-33948
The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote malicious users to download any file from Document and Media via a crafted URL.
Liferay Liferay Portal 7.4.3.67
Liferay Digital Experience Platform 7.4
7.5
CVSSv3
CVE-2022-42123
A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 up to and including 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows malicious users to create or overwrite existing files on the filesystem via the installation of a mal...
Liferay Digital Experience Platform 7.3
Liferay Liferay Portal
Liferay Digital Experience Platform 7.4
7.5
CVSSv3
CVE-2022-42124
ReDoS vulnerability in LayoutPageTemplateEntryUpgradeProcess in Liferay Portal 7.3.2 up to and including 7.4.3.4 and Liferay DXP 7.2 fix pack 9 through fix pack 18, 7.3 before update 4, and DXP 7.4 GA allows remote malicious users to consume an excessive amount of server resource...
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.3
Liferay Liferay Portal
Liferay Digital Experience Platform 7.4
7.5
CVSSv3
CVE-2022-42125
Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 up to and including 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows malicious users to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
6.1
CVSSv3
CVE-2023-44311
Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 up to and including 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89 allow remote malicious users to...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
6.1
CVSSv3
CVE-2023-42497
Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 up to and including 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote malicious users to inject arbitrary web script or HTML via the `_com_liferay_translatio...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
6.1
CVSSv3
CVE-2023-33944
Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 up to and including 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into ...
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
6.1
CVSSv3
CVE-2023-33941
Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 up to and including 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote malicious users to inject arbitrary...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-20065
open redirect
CVE-2024-1086
path traversal
CVE-2024-29825
XXE
CVE-2024-29822
CVE-2024-20696
CVE-2024-3564
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »