Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay dxp 7.3 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-29038
Liferay Portal 7.2.0 up to and including 7.3.5, and older unsupported versions, and Liferay DXP 7.3 before fix pack 1, 7.2 before fix pack 17, and older unsupported versions does not obfuscate password reminder answers on the page, which allows malicious users to use man-in-the-m...
NA
CVE-2021-29050
Cross-Site Request Forgery (CSRF) vulnerability in the terms of use page in Liferay Portal prior to 7.3.6, and Liferay DXP 7.3 before service pack 1, 7.2 before fix pack 11 allows remote malicious users to accept the site's terms of use via social engineering and enticing th...
NA
CVE-2024-26268
User enumeration vulnerability in Liferay Portal 7.2.0 up to and including 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote malicious users to determine if an ...
NA
CVE-2024-26265
The Image Uploader module in Liferay Portal 7.2.0 up to and including 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions relies on a request parameter to limit the size of fil...
NA
CVE-2024-26267
In Liferay Portal 7.2.0 up to and including 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property `http.header.version.verbosity` is set ...
NA
CVE-2024-25610
In Liferay Portal 7.2.0 up to and including 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which al...
NA
CVE-2024-25607
The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 up to and including 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work...
NA
CVE-2024-25608
HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 up to and including 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARA...
NA
CVE-2024-25609
HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 up to and including 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, whic...
NA
CVE-2024-25605
The Journal module in Liferay Portal 7.2.0 up to and including 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »