Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay digital experience platform 7.3 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-33945
SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 up to and including 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows malicious users to execute arbitrary SQL commands via the name of a database table's p...
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2022-42126
The Asset Libraries module in Liferay Portal 7.3.5 up to and including 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI.
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2022-42129
An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 up to and including 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstance...
Liferay Digital Experience Platform 7.3
Liferay Liferay Portal
Liferay Digital Experience Platform 7.4
NA
CVE-2022-42123
A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 up to and including 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows malicious users to create or overwrite existing files on the filesystem via the installation of a mal...
Liferay Digital Experience Platform 7.3
Liferay Liferay Portal
Liferay Digital Experience Platform 7.4
NA
CVE-2023-42627
Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 up to and including 7.4.3.91, and Liferay DXP 7.3 update 33 and previous versions, and 7.4 before update 92 allow remote malicious users to inject arbitrary web script or HTM...
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
3.5
CVSSv2
CVE-2021-38269
Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 up to and including 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote malicious users to inject arbitrary web script or...
Liferay Liferay Portal 7.4.0
Liferay Liferay Portal
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.3
3.5
CVSSv2
CVE-2022-26593
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 up to and including 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote malicious users to inject arbitrary web script or HTML via the name of a asset ...
Liferay Liferay Portal 7.4.0
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform
Liferay Liferay Portal
4
CVSSv2
CVE-2022-26595
Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment U...
Liferay Liferay Portal 7.4.0
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.3
Liferay Liferay Portal 7.4.1
Liferay Liferay Portal 7.3.7
NA
CVE-2023-33938
Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 up to and including 7.4.0, and Liferay DXP 7.3 before update 14 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload ...
Liferay Digital Experience Platform 7.3
Liferay Liferay Portal
NA
CVE-2023-44310
Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 up to and including 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote malicious users to inject arbitrary web script or HTML via a crafted paylo...
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »