Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2024-25146
Liferay Portal 7.2.0 up to and including 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not ha...
Liferay Dxp 7.2
Liferay Dxp 7.3
Liferay Liferay Portal
6.5
CVSSv3
CVE-2024-25144
The IFrame widget in Liferay Portal 7.2.0 up to and including 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote auth...
Liferay Dxp 7.2
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Liferay Portal
8.1
CVSSv3
CVE-2024-25148
In Liferay Portal 7.2.0 up to and including 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor...
Liferay Dxp 7.2
Liferay Dxp 7.3
Liferay Liferay Portal
NA
CVE-2023-47798
Account lockout in Liferay Portal 7.2.0 up to and including 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated aft...
NA
CVE-2024-25143
The Document and Media widget In Liferay Portal 7.2.0 up to and including 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image,...
5.4
CVSSv3
CVE-2024-25145
Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 up to and including 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older u...
Liferay Dxp 7.2
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Dxp
Liferay Liferay Portal
6.1
CVSSv3
CVE-2023-47797
Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 up to and including 7.4.3.95 allows remote malicious users to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter.
Liferay Liferay Portal
5.4
CVSSv3
CVE-2023-42627
Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 up to and including 7.4.3.91, and Liferay DXP 7.3 update 33 and previous versions, and 7.4 before update 92 allow remote malicious users to inject arbitrary web script or HTM...
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
5.4
CVSSv3
CVE-2023-42628
Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 up to and including 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and previous versions, 7.2 fix pack 20 and previous versions, 7.3 update 33 and previous versions,...
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.0
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
5.4
CVSSv3
CVE-2023-44310
Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 up to and including 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote malicious users to inject arbitrary web script or HTML via a crafted paylo...
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »