Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2021-33322
In Liferay Portal 7.3.0 and previous versions, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 18, and 7.2 before fix pack 5, password reset tokens are not invalidated after a user changes their password, which allows remote malicious users to change the user’s ...
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
445
VMScore
CVE-2021-33323
The Dynamic Data Mapping module in Liferay Portal 7.1.0 up to and including 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote malicious users to view the autosaved values by viewing the f...
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
445
VMScore
CVE-2021-29040
The JSON web services in Liferay Portal 7.3.4 and previous versions, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote malicious users to use the contents of error messages to h...
Liferay Dxp
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
445
VMScore
CVE-2021-29047
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote malicious users to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTC...
Liferay Dxp
Liferay Dxp 7.3
Liferay Liferay Portal 7.3.4
Liferay Liferay Portal 7.3.5
445
VMScore
CVE-2020-15840
In Liferay Portal prior to 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs.
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal 6.2
Liferay Liferay Portal
445
VMScore
CVE-2020-24554
The redirect module in Liferay Portal prior to 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote malicious users to perform a denial of service attack by making repeated requests for pages that do not exist.
Liferay Liferay Portal
435
VMScore
CVE-2016-3670
Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay prior to 7.0.0 CE RC1 allows remote malicious users to inject arbitrary web script or HTML via the FirstName field.
Liferay Liferay Portal
1 EDB exploit
435
VMScore
CVE-2009-1294
Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote malicious users to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters.
Novell Teaming 1.0
Novell Teaming 1.0.2
Novell Teaming 1.0.3
Novell Teaming 1.0.1
Liferay Liferay Enterprise Portal 4.3.0
1 EDB exploit
435
VMScore
CVE-2008-0178
Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header.
Liferay Liferay Enterprise Portal 4.3.6
1 EDB exploit
435
VMScore
CVE-2007-6173
Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote malicious users to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055. NOTE: some of th...
Liferay Liferay Enterprise Portal 4.3.1
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »