Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay portal vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-38269
Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 up to and including 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote malicious users to inject arbitrary web script or...
Liferay Liferay Portal 7.4.0
Liferay Liferay Portal
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.3
7.5
CVSSv3
CVE-2021-33321
Insecure default configuration in Liferay Portal 6.2.3 up to and including 7.3.2, and Liferay DXP prior to 7.3, allows remote malicious users to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulte...
Liferay Dxp
Liferay Liferay Portal
7.5
CVSSv3
CVE-2022-28981
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 up to and including 7.4.2 allows remote malicious users to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2017-1000425
Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote malicious users to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter.
Liferay Liferay Portal
8.8
CVSSv3
CVE-2018-10795
Liferay 6.2.x and before has an FCKeditor configuration that allows an malicious user to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or html/js/editor/fckeditor/edit...
Liferay Liferay Portal
6.1
CVSSv3
CVE-2016-10404
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.
Liferay Liferay Portal
NA
CVE-2014-8349
Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and previous versions allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file.
Liferay Liferay Portal
5.3
CVSSv3
CVE-2022-41414
An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows malicious users to enumerate usernames, site names, and pages.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2023-47797
Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 up to and including 7.4.3.95 allows remote malicious users to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2017-12645
XSS exists in Liferay Portal prior to 7.0 CE GA4 via an invalid portletId.
Liferay Liferay Portal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »