Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay liferay portal vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-44309
Multiple stored cross-site scripting (XSS) vulnerabilities in the fragment components in Liferay Portal 7.4.2 up to and including 7.4.3.53, and Liferay DXP 7.4 before update 54 allow remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
5.4
CVSSv3
CVE-2023-42629
Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 up to and including 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into a Voca...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
6.1
CVSSv3
CVE-2023-42497
Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 up to and including 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote malicious users to inject arbitrary web script or HTML via the `_com_liferay_translatio...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
4.3
CVSSv3
CVE-2023-3426
The organization selector in Liferay Portal 7.4.3.81 up to and including 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
8.8
CVSSv3
CVE-2023-35030
Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 up to and including 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote malicious users to execute arbitrary code in the scripting console via the...
Liferay Dxp 7.4
Liferay Liferay Portal
6.1
CVSSv3
CVE-2023-3193
Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 up to and including 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote malicious users to inject arbitrary web script or HTML via the `_com_liferay_layo...
Liferay Dxp 7.4
Liferay Liferay Portal
6.1
CVSSv3
CVE-2023-35029
Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 up to and including 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote malicious users to redirect users to arbitrary external URLs via the `_com_liferay_layout_admi...
Liferay Dxp 7.4
Liferay Liferay Portal
7.5
CVSSv3
CVE-2023-33949
In Liferay Portal 7.3.0 and previous versions, and Liferay DXP 7.2 and previous versions the default configuration does not require users to verify their email address, which allows remote malicious users to create accounts using fake email addresses or email addresses which they...
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.0
Liferay Liferay Portal
7.5
CVSSv3
CVE-2023-33950
Pattern Redirects in Liferay Portal 7.4.3.48 up to and including 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are vulnerable to ReDoS attacks to be used as patterns, which allows remote malicious users to consume an excessive amount of server...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
6.1
CVSSv3
CVE-2023-33944
Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 up to and including 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into ...
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »