Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay digital experience platform vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2022-42127
The Friendly Url module in Liferay Portal 7.4.3.5 up to and including 7.4.3.36, and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, which allows remote malicious users to obtain the history of all friendly URLs that was assigned to a page.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
5.3
CVSSv3
CVE-2022-42128
The Hypermedia REST APIs module in Liferay Portal 7.4.1 up to and including 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote malicious users to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
6.1
CVSSv3
CVE-2023-33938
Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 up to and including 7.4.0, and Liferay DXP 7.3 before update 14 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload ...
Liferay Digital Experience Platform 7.3
Liferay Liferay Portal
4.3
CVSSv3
CVE-2023-33947
The Object module in Liferay Portal 7.4.3.4 up to and including 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virtual instance in search which allows remote authenticated users in one virtual instance to view object definition from a second ...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
7.5
CVSSv3
CVE-2023-33950
Pattern Redirects in Liferay Portal 7.4.3.48 up to and including 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote malicious users to consume an excessive amount of server...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
6.1
CVSSv3
CVE-2023-33941
Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 up to and including 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote malicious users to inject arbitrary...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
5.4
CVSSv3
CVE-2023-33943
Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 up to and including 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into a user's ...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
4.3
CVSSv3
CVE-2023-33946
The Object module in Liferay Portal 7.4.3.4 up to and including 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in difference virtual instances, which allows remote authenticated users in one virtual instance to view objects in a different virtual ins...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
5.4
CVSSv3
CVE-2023-33940
Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 up to and including 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote malicious users to inject arbitrary web script or HTML via the Remote App's IFrame URL.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
4.3
CVSSv3
CVE-2023-3426
The organization selector in Liferay Portal 7.4.3.81 up to and including 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »