Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay liferay portal vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2020-25476
Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting (XSS) vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload on the username, lastname or surname fields of its own profile, and the malicious paylo...
Liferay Liferay Portal 7.1.3
Liferay Liferay Portal 7.2.1
801
VMScore
CVE-2020-28884
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Sever. NOTE: The developer disputes this as a vulnerability since it is a feature for administr...
Liferay Liferay Portal 7.2
Liferay Liferay Portal 7.3.5
801
VMScore
CVE-2020-28885
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Sever. NOTE: The developer disputes this as a vulnerability since it i...
Liferay Liferay Portal 7.2
Liferay Liferay Portal 7.3.5
383
VMScore
CVE-2021-38264
Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote malicious users to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter. This issue is caused by an incomplete fix...
Liferay Liferay Portal 7.4.0
Liferay Liferay Portal 7.4.1
383
VMScore
CVE-2014-2963
Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote malicious users to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter.
Liferay Liferay Portal 6.1.x Ee
Liferay Liferay Portal 6.1.2 Ce Ga3
Liferay Liferay Portal 6.2.x Ee
445
VMScore
CVE-2020-15840
In Liferay Portal prior to 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs.
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal 6.2
Liferay Liferay Portal
383
VMScore
CVE-2021-29048
Cross-site scripting (XSS) vulnerability in the Layout module's page administration page in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.2 before fix pack 11 and 7.3 before fix pack 1 allows remote malicious users to inject arbitrary web script or HTML via the _com_liferay_...
Liferay Dxp 7.2
Liferay Liferay Portal 7.3.4
Liferay Dxp 7.3
Liferay Liferay Portal 7.3.5
435
VMScore
CVE-2004-2030
Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay prior to 2.2.0 release 10/1/2004 allow remote malicious users to inject arbitrary web script or HTML, as demonstrated using the message subject.
Liferay Liferay Enterprise Portal
Liferay Liferay Enterprise Portal 2.1.0
1 EDB exploit
312
VMScore
CVE-2022-26593
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 up to and including 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote malicious users to inject arbitrary web script or HTML via the name of a asset ...
Liferay Liferay Portal 7.4.0
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform
Liferay Liferay Portal
312
VMScore
CVE-2021-38269
Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 up to and including 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote malicious users to inject arbitrary web script or...
Liferay Liferay Portal 7.4.0
Liferay Liferay Portal
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »