Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay digital experience platform vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-33938
Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 up to and including 7.4.0, and Liferay DXP 7.3 before update 14 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload ...
Liferay Digital Experience Platform 7.3
Liferay Liferay Portal
5.4
CVSSv3
CVE-2023-33940
Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 up to and including 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote malicious users to inject arbitrary web script or HTML via the Remote App's IFrame URL.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
6.1
CVSSv3
CVE-2023-33941
Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 up to and including 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote malicious users to inject arbitrary...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
5.4
CVSSv3
CVE-2023-33943
Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 up to and including 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into a user's ...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
4.3
CVSSv3
CVE-2023-33946
The Object module in Liferay Portal 7.4.3.4 up to and including 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual ins...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
4.3
CVSSv3
CVE-2023-33947
The Object module in Liferay Portal 7.4.3.4 up to and including 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second ...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
7.5
CVSSv3
CVE-2023-33950
Pattern Redirects in Liferay Portal 7.4.3.48 up to and including 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote malicious users to consume an excessive amount of server...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
7.5
CVSSv3
CVE-2022-42125
Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 up to and including 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows malicious users to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
5.3
CVSSv3
CVE-2022-42127
The Friendly Url module in Liferay Portal 7.4.3.5 up to and including 7.4.3.36, and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, which allows remote malicious users to obtain the history of all friendly URLs that was assigned to a page.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
5.3
CVSSv3
CVE-2022-42128
The Hypermedia REST APIs module in Liferay Portal 7.4.1 up to and including 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote malicious users to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »