Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay liferay portal vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-33321
Insecure default configuration in Liferay Portal 6.2.3 up to and including 7.3.2, and Liferay DXP prior to 7.3, allows remote malicious users to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulte...
Liferay Dxp
Liferay Liferay Portal
NA
CVE-2022-42114
A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 up to and including 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote malicious users to inject arbitrary web script or HTML.
Liferay Dxp 7.4
Liferay Dxp
Liferay Liferay Portal
NA
CVE-2022-38901
A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote malicious users to inject arbitrary JS script or HTML into the description field of uploaded svg file.
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Liferay Portal
Liferay Dxp
NA
CVE-2022-42116
A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 up to and including 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote malicious users to inject arbitrary web scri...
Liferay Dxp
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Liferay Portal
NA
CVE-2022-42117
A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 up to and including 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote malicious users to inject arbitrary web script or HTML.
Liferay Dxp
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Liferay Portal
4
CVSSv2
CVE-2021-33324
The Layout module in Liferay Portal 7.1.0 up to and including 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a si...
Liferay Dxp 7.2
Liferay Dxp 7.1
Liferay Liferay Portal
3.5
CVSSv2
CVE-2021-33336
Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 up to and including 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack 5 through 7, allows remote malicious users to inject arbitrary web script or HTML via the _c...
Liferay Dxp 7.2
Liferay Dxp 7.1
Liferay Liferay Portal
NA
CVE-2022-42111
A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 up to and including 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote malicious users to inject arbitrary web script or HTML by sha...
Liferay Liferay Portal
Liferay Dxp 7.2
Liferay Dxp 7.3
4.3
CVSSv2
CVE-2021-33332
Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 up to and including 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote malicious users to inject arbitrary web script or HTML via the _com_lif...
Liferay Dxp 7.2
Liferay Dxp 7.1
Liferay Liferay Portal
5
CVSSv2
CVE-2021-33323
The Dynamic Data Mapping module in Liferay Portal 7.1.0 up to and including 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote malicious users to view the autosaved values by viewing the f...
Liferay Dxp 7.2
Liferay Dxp 7.1
Liferay Liferay Portal
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »