Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay digital experience platform 7.4 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-33950
Pattern Redirects in Liferay Portal 7.4.3.48 up to and including 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote malicious users to consume an excessive amount of server...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
7.5
CVSSv3
CVE-2022-42125
Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 up to and including 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows malicious users to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
5.3
CVSSv3
CVE-2022-42127
The Friendly Url module in Liferay Portal 7.4.3.5 up to and including 7.4.3.36, and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, which allows remote malicious users to obtain the history of all friendly URLs that was assigned to a page.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
5.3
CVSSv3
CVE-2022-42128
The Hypermedia REST APIs module in Liferay Portal 7.4.1 up to and including 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote malicious users to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
6.1
CVSSv3
CVE-2023-42497
Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 up to and including 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote malicious users to inject arbitrary web script or HTML via the `_com_liferay_translatio...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
5.4
CVSSv3
CVE-2023-42629
Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 up to and including 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into a Voca...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
5.4
CVSSv3
CVE-2023-33942
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into a web cont...
Liferay Liferay Portal 7.4.3.50
Liferay Digital Experience Platform 7.4
7.5
CVSSv3
CVE-2023-33948
The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote malicious users to download any file from Document and Media via a crafted URL.
Liferay Liferay Portal 7.4.3.67
Liferay Digital Experience Platform 7.4
5.3
CVSSv3
CVE-2022-25146
The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing malicious users to exfiltrate the CSRF token via a crafte...
Liferay Liferay Portal
Liferay Digital Experience Platform
5.4
CVSSv3
CVE-2022-38901
A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote malicious users to inject arbitrary JS script or HTML into the description field of uploaded svg file.
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Liferay Portal
Liferay Dxp
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3