Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay liferay portal 7.2.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-25145
Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 up to and including 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older u...
Liferay Dxp 7.2
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Dxp
Liferay Liferay Portal
7.5
CVSSv2
CVE-2020-7961
Deserialization of Untrusted Data in Liferay Portal before 7.2.1 CE GA2 allows remote malicious users to execute arbitrary code via JSON web services (JSONWS).
Liferay Liferay Portal
13 Github repositories
NA
CVE-2024-26267
In Liferay Portal 7.2.0 up to and including 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property `http.header.version.verbosity` is set ...
NA
CVE-2023-47798
Account lockout in Liferay Portal 7.2.0 up to and including 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated aft...
NA
CVE-2024-25147
Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 up to and including 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions allows remote malicious users to ...
NA
CVE-2024-26268
User enumeration vulnerability in Liferay Portal 7.2.0 up to and including 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote malicious users to determine if an ...
NA
CVE-2024-25150
Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 up to and including 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a u...
NA
CVE-2024-25607
The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 up to and including 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work...
NA
CVE-2024-25152
Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 up to and including 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated...
NA
CVE-2021-29038
Liferay Portal 7.2.0 up to and including 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions does not obfuscate password reminder answers on the page, which allows malicious users to use man-in-the-m...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »