Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
enterprise portal vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-35298
SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. KMC servlet is vulnerable to XSS attack. The execution of script content by a victim registered on the portal could compromi...
Sap Netweaver Enterprise Portal 7.50
4.3
CVSSv2
CVE-2008-0563
Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote malicious users to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Pa...
Liferay Liferay Enterprise Portal 4.3.6
4.3
CVSSv2
CVE-2008-0178
Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header.
Liferay Liferay Enterprise Portal 4.3.6
1 EDB exploit
5
CVSSv2
CVE-2015-2811
XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote malicious users to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.
Sap Netweaver Enterprise Portal 7.31
5
CVSSv2
CVE-2015-2812
XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote malicious users to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.
Sap Netweaver Enterprise Portal 7.31
4.3
CVSSv2
CVE-2007-6173
Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote malicious users to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055. NOTE: some of th...
Liferay Liferay Enterprise Portal 4.3.1
1 EDB exploit
4.3
CVSSv2
CVE-2008-0181
Cross-site scripting (XSS) vulnerability in the Admin portlet in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the Shutdown message.
Liferay Liferay Enterprise Portal 4.3.6
2.6
CVSSv2
CVE-2008-0179
Cross-site scripting (XSS) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote malicious users to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML for...
Liferay Liferay Enterprise Portal 4.3.6
4.3
CVSSv2
CVE-2014-7852
Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote malicious users to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file.
Redhat Jboss Enterprise Portal Platform 6.1.1
7.5
CVSSv2
CVE-2013-0314
The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote malicious users to modify site contents, remove the site, or alter the access controls for portlets.
Redhat Jboss Enterprise Portal Platform 5.2.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »