Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay liferay portal vulnerabilities and exploits
(subscribe to this query)
435
VMScore
CVE-2004-2030
Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay prior to 2.2.0 release 10/1/2004 allow remote malicious users to inject arbitrary web script or HTML, as demonstrated using the message subject.
Liferay Liferay Enterprise Portal 2.1.0
Liferay Liferay Enterprise Portal
1 EDB exploit
383
VMScore
CVE-2022-26596
Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 up to and including 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote malicious users to ...
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.0
Liferay Liferay Portal
383
VMScore
CVE-2022-26597
Cross-site scripting (XSS) vulnerability in the Layout module's Open Graph integration in Liferay Portal 7.3.0 up to and including 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote malicious users to inject arbitrary web script or HTML via the site name.
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform
Liferay Liferay Portal
383
VMScore
CVE-2022-26594
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 up to and including 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote malicious users to inject arbitrary web script or HTML via a form field's help text to (1) Forms module's form b...
Liferay Liferay Portal
Liferay Liferay Portal 7.4.0
383
VMScore
CVE-2021-38263
Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and previous versions, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 20 and 7.2 before fix pack 10 allows remote malicious users to inject arbitrary web scri...
Liferay Liferay Portal
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.0
383
VMScore
CVE-2021-38264
Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote malicious users to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter. This issue is caused by an incomplete fix...
Liferay Liferay Portal 7.4.0
Liferay Liferay Portal 7.4.1
383
VMScore
CVE-2021-35463
Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote malicious users to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter.
Liferay Liferay Portal 7.4.0
383
VMScore
CVE-2021-33337
Cross-site scripting (XSS) vulnerability in the Document Library module's add document menu in Liferay Portal 7.3.0 up to and including 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote malicious users to inject arbitrary web script or H...
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
383
VMScore
CVE-2021-33332
Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 up to and including 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote malicious users to inject arbitrary web script or HTML via the _com_lif...
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
383
VMScore
CVE-2021-33326
Cross-site scripting (XSS) vulnerability in the Frontend JS module in Liferay Portal 7.3.4 and previous versions, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20 and 7.2 before fix pack 9, allows remote malicious users to inject arbitrary web script or HTML via the...
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »