liferay liferay portal vulnerabilities and exploits
VMScore: 445
CVE-2021-33321
Insecure default configuration in Liferay Portal 6.2.3 up to and including 7.3.2, and Liferay DXP prior to 7.3, allows remote malicious users to enumerate user email addresses via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulte...
Liferay Dxp
Liferay Liferay Portal
NA
CVE-2022-42114
A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 up to and including 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote malicious users to inject arbitrary web script or HTML.
Liferay Dxp 7.4
Liferay Dxp
Liferay Liferay Portal
NA
CVE-2022-42116
A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 up to and including 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote malicious users to inject arbitrary web scri...
Liferay Dxp
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Liferay Portal
NA
CVE-2022-42117
A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 up to and including 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote malicious users to inject arbitrary web script or HTML.
Liferay Dxp
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Liferay Portal
NA
CVE-2022-38901
A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote malicious users to inject arbitrary JS script or HTML into the description field of an uploaded SVG file.
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Liferay Portal
Liferay Dxp
VMScore: 356
CVE-2021-29052
The Data Engine module in Liferay Portal 7.3.0 up to and including 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStruc...
Liferay Dxp 7.3
Liferay Liferay Portal
NA
CVE-2022-42119
Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 up to and including 7.4.2 and Liferay DXP 7.3 before update 8.
Liferay Liferay Portal
Liferay Dxp 7.3
NA
CVE-2023-35029
Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 up to and including 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote malicious users to redirect users to arbitrary external URLs via the `_com_liferay_layout_admi...
Liferay Dxp 7.4
Liferay Liferay Portal
NA
CVE-2022-28980
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allow malicious users to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.
Liferay Liferay Portal
Liferay Dxp 7.4
NA
CVE-2022-28982
A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a tag.
Liferay Dxp 7.3
Liferay Liferay Portal