Results for liferay

10
HIGH
CVE-2012-1712

Directory traversal vulnerability in the Liferay component in Oracle Sun GlassFish Web Space Server before 10.0 Update 7 Patch 2 has unknown impact and attack vectors.

9.3
HIGH
CVE-2011-1571

Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.

LiferayPortal
7.5
HIGH
CVE-2016-6517

Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp.

6.5
MEDIUM
CVE-2018-10795

** DISPUTED ** Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or html/js/editor/fckeditor/...

6.5
MEDIUM
CVE-2010-5327

Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template.

4.3
MEDIUM
CVE-2017-1000425

Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter.

4.3
MEDIUM
CVE-2017-17868

In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag.

4.3
MEDIUM
CVE-2017-12645

XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId.

4.3
MEDIUM
CVE-2017-12649

XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display.

4.3
MEDIUM
CVE-2017-12647

XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title.