Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
portal vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-47798
Account lockout in Liferay Portal 7.2.0 up to and including 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated aft...
5.4
CVSSv3
CVE-2024-24812
Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting (XSS) which can be used to inject malicious JS...
Frappe Frappe
NA
CVE-2024-25143
The Document and Media widget In Liferay Portal 7.2.0 up to and including 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image,...
5.4
CVSSv3
CVE-2024-25145
Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 up to and including 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older u...
Liferay Dxp 7.2
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Dxp
Liferay Liferay Portal
5.4
CVSSv3
CVE-2023-46344
A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an malicious user to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group function under /#ilang=DE&b=c_s...
Solar-log 2000 Pm\\+ Firmware 15.10.2019
8.8
CVSSv3
CVE-2023-43317
An issue in Coign CRM Portal v.06.06 allows a remote malicious user to escalate privileges via the userPermissionsList parameter in Session Storage component.
Coign Coign 06.06
1 Github repository
9.8
CVSSv3
CVE-2024-0204
Authentication bypass in Fortra's GoAnywhere MFT before 7.4.1 allows an unauthorized user to create an admin user via the administration portal.
Fortra Goanywhere Managed File Transfer 6.0.0
Fortra Goanywhere Managed File Transfer
3 Github repositories
1 Article
4.3
CVSSv3
CVE-2023-7031
Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, before 8.1.2 patch 0402. Versions before...
Avaya Aura Experience Portal
9.8
CVSSv3
CVE-2022-41786
Missing Authorization vulnerability in WP Job Portal WP Job Portal – A Complete Job Board.This issue affects WP Job Portal – A Complete Job Board: from n/a up to and including 2.0.1.
Wpjobportal Wp Job Portal
5.3
CVSSv3
CVE-2024-0349
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The ...
Engineers Online Portal Project Engineers Online Portal 1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »