Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-29048
Cross-site scripting (XSS) vulnerability in the Layout module's page administration page in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.2 before fix pack 11 and 7.3 before fix pack 1 allows remote malicious users to inject arbitrary web script or HTML via the _com_liferay_...
Liferay Dxp 7.2
Liferay Dxp 7.3
Liferay Liferay Portal 7.3.4
Liferay Liferay Portal 7.3.5
5.3
CVSSv3
CVE-2021-29040
The JSON web services in Liferay Portal 7.3.4 and previous versions, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote malicious users to use the contents of error messages to h...
Liferay Dxp
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
5.4
CVSSv3
CVE-2022-42112
A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 up to and including 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote malicious users to inject arbitr...
Liferay Dxp 7.2
Liferay Dxp 7.4
Liferay Dxp 7.3
Liferay Dxp
Liferay Liferay Portal
4.3
CVSSv3
CVE-2022-26595
Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment U...
Liferay Liferay Portal 7.4.0
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.3
Liferay Liferay Portal 7.4.1
Liferay Liferay Portal 7.3.7
8.8
CVSSv3
CVE-2022-42121
A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 up to and including 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated malicious users to execute arbitrary SQL comma...
Liferay Liferay Portal
Liferay Dxp 7.2
Liferay Dxp 7.1
Liferay Dxp 7.3
Liferay Dxp 7.4
5.9
CVSSv3
CVE-2021-29043
The Portal Store module in Liferay Portal 7.0.0 up to and including 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S3 store's proxy password, which allows malicious users to steal...
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Dxp 7.3
Liferay Liferay Portal
6.1
CVSSv3
CVE-2021-29044
Cross-site scripting (XSS) vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0 up to and including 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows re...
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Dxp 7.3
Liferay Liferay Portal
6.1
CVSSv3
CVE-2022-28977
HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 up to and including 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote ...
Liferay Dxp 7.2
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.3
Liferay Liferay Portal
5.4
CVSSv3
CVE-2022-28978
Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 up to and including 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 ...
Liferay Dxp 7.0
Liferay Dxp 7.2
Liferay Dxp 7.1
Liferay Dxp 7.3
Liferay Liferay Portal
6.1
CVSSv3
CVE-2022-42116
A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 up to and including 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote malicious users to inject arbitrary web scri...
Liferay Dxp
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Liferay Portal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »