Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay digital experience platform 7.4 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-42126
The Asset Libraries module in Liferay Portal 7.3.5 up to and including 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI.
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2022-42129
An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 up to and including 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstance...
Liferay Digital Experience Platform 7.3
Liferay Liferay Portal
Liferay Digital Experience Platform 7.4
NA
CVE-2023-42497
Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 up to and including 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote malicious users to inject arbitrary web script or HTML via the `_com_liferay_translatio...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-3426
The organization selector in Liferay Portal 7.4.3.81 up to and including 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-33940
Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 up to and including 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote malicious users to inject arbitrary web script or HTML via the Remote App's IFrame URL.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-33941
Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 up to and including 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote malicious users to inject arbitrary...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-33943
Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 up to and including 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into a user's ...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-33946
The Object module in Liferay Portal 7.4.3.4 up to and including 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual ins...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-33947
The Object module in Liferay Portal 7.4.3.4 up to and including 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second ...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-33950
Pattern Redirects in Liferay Portal 7.4.3.48 up to and including 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote malicious users to consume an excessive amount of server...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »