Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay liferay portal 7.3 vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2021-29044
Cross-site scripting (XSS) vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0 up to and including 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows re...
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Dxp 7.3
Liferay Liferay Portal
383
VMScore
CVE-2021-29045
Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 up to and including 7.3.5, and Liferay DXP 7.3 before fix pack 1 allows remote malicious users to inject arbitrary web script or HTML via the _com_lifera...
Liferay Dxp 7.3
Liferay Liferay Portal
383
VMScore
CVE-2021-29046
Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote malicious users to inject arbitrary web script or HTML via the _com_liferay_asset_categories_admin_web_po...
Liferay Dxp 7.3
Liferay Liferay Portal 7.3.5
356
VMScore
CVE-2022-26595
Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment U...
Liferay Liferay Portal 7.4.0
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.3
Liferay Liferay Portal 7.4.1
Liferay Liferay Portal 7.3.7
356
VMScore
CVE-2021-38268
The Dynamic Data Mapping module in Liferay Portal 7.0.0 up to and including 7.3.6, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 2 incorrectly sets default permissions for site members, which allows remote authenti...
Liferay Digital Experience Platform 7.2
Liferay Liferay Portal
Liferay Digital Experience Platform
Liferay Digital Experience Platform 7.3
356
VMScore
CVE-2021-29052
The Data Engine module in Liferay Portal 7.3.0 up to and including 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStruc...
Liferay Dxp 7.3
Liferay Liferay Portal
356
VMScore
CVE-2020-13444
Liferay Portal 7.x prior to 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 5 does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Provider...
Liferay Liferay Portal 7.1
Liferay Liferay Portal 7.1.1
Liferay Liferay Portal 7.2
Liferay Liferay Portal 7.3
312
VMScore
CVE-2022-26593
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 up to and including 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote malicious users to inject arbitrary web script or HTML via the name of a asset ...
Liferay Liferay Portal 7.4.0
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform
Liferay Liferay Portal
312
VMScore
CVE-2021-38267
Cross-site scripting (XSS) vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 up to and including 7.3.6, and Liferay DXP 7.3 before fix pack 2 allows remote malicious users to inject arbitrary web script or HTML via the _com_liferay_blogs_web_po...
Liferay Liferay Portal
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform
312
VMScore
CVE-2021-38269
Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 up to and including 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote malicious users to inject arbitrary web script or...
Liferay Liferay Portal 7.4.0
Liferay Liferay Portal
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »