Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay digital experience platform vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-42629
Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 up to and including 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into a Voca...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-44309
Multiple stored cross-site scripting (XSS) vulnerabilities in the fragment components in Liferay Portal 7.4.2 up to and including 7.4.3.53, and Liferay DXP 7.4 before update 54 allow remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-33942
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into a web cont...
Liferay Liferay Portal 7.4.3.50
Liferay Digital Experience Platform 7.4
NA
CVE-2023-33948
The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can be downloaded from a Form, which allows remote malicious users to download any file from Document and Media via a crafted URL.
Liferay Liferay Portal 7.4.3.67
Liferay Digital Experience Platform 7.4
NA
CVE-2022-38901
A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote malicious users to inject arbitrary JS script or HTML into the description field of uploaded svg file.
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Liferay Portal
Liferay Dxp
NA
CVE-2022-38902
A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote malicious users to inject arbitrary JS script or HTML into the name field of newly created topic.
Liferay Dxp 7.3
Liferay Liferay Portal
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5