Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay liferay portal vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-33321
Insecure default configuration in Liferay Portal 6.2.3 up to and including 7.3.2, and Liferay DXP prior to 7.3, allows remote malicious users to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulte...
Liferay Dxp
Liferay Liferay Portal
5.4
CVSSv3
CVE-2022-42114
A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 up to and including 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote malicious users to inject arbitrary web script or HTML.
Liferay Dxp 7.4
Liferay Dxp
Liferay Liferay Portal
6.1
CVSSv3
CVE-2022-42117
A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 up to and including 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote malicious users to inject arbitrary web script or HTML.
Liferay Dxp
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Liferay Portal
6.1
CVSSv3
CVE-2022-42116
A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 up to and including 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote malicious users to inject arbitrary web scri...
Liferay Dxp
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Liferay Portal
5.4
CVSSv3
CVE-2022-38901
A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote malicious users to inject arbitrary JS script or HTML into the description field of uploaded svg file.
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Liferay Portal
Liferay Dxp
5.4
CVSSv3
CVE-2022-42119
Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 up to and including 7.4.2 and Liferay DXP 7.3 before update 8.
Liferay Liferay Portal
Liferay Dxp 7.3
6.1
CVSSv3
CVE-2023-35029
Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 up to and including 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote malicious users to redirect users to arbitrary external URLs via the `_com_liferay_layout_admi...
Liferay Dxp 7.4
Liferay Liferay Portal
6.1
CVSSv3
CVE-2023-3193
Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 up to and including 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote malicious users to inject arbitrary web script or HTML via the `_com_liferay_layo...
Liferay Dxp 7.4
Liferay Liferay Portal
6.1
CVSSv3
CVE-2022-42113
A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 up to and including 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote malicious users to inject arbitrary web script or HTML via the `redirect` parameter.
Liferay Dxp 7.4
Liferay Liferay Portal
4.8
CVSSv3
CVE-2021-33339
Cross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 up to and including 7.3.4, and Liferay DXP 7.2 before fix pack 9 allows remote malicious users to inject arbitrary web script or HTML via the _com_liferay_site_admin_web_portlet_SiteAdminPortl...
Liferay Dxp 7.2
Liferay Liferay Portal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »