Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay digital experience platform 7.4 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-33944
Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 up to and including 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into ...
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2022-42123
A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 up to and including 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows malicious users to create or overwrite existing files on the filesystem via the installation of a mal...
Liferay Digital Experience Platform 7.3
Liferay Liferay Portal
Liferay Digital Experience Platform 7.4
NA
CVE-2023-33940
Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 up to and including 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote malicious users to inject arbitrary web script or HTML via the Remote App's IFrame URL.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-33941
Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 up to and including 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote malicious users to inject arbitrary...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-33950
Pattern Redirects in Liferay Portal 7.4.3.48 up to and including 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote malicious users to consume an excessive amount of server...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-42497
Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 up to and including 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote malicious users to inject arbitrary web script or HTML via the `_com_liferay_translatio...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-44309
Multiple stored cross-site scripting (XSS) vulnerabilities in the fragment components in Liferay Portal 7.4.2 up to and including 7.4.3.53, and Liferay DXP 7.4 before update 54 allow remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-44311
Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 up to and including 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89 allow remote malicious users to...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-33943
Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 up to and including 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into a user's ...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-33947
The Object module in Liferay Portal 7.4.3.4 up to and including 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second ...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »