Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay liferay portal vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-29046
Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote malicious users to inject arbitrary web script or HTML via the _com_liferay_asset_categories_admin_web_po...
Liferay Dxp 7.3
Liferay Liferay Portal 7.3.5
4.3
CVSSv2
CVE-2021-29039
Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote malicious users to inject arbitrary web script or HTML via the site name.
Liferay Liferay Portal 7.3.4
4.3
CVSSv2
CVE-2020-25476
Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting (XSS) vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload on the username, lastname or surname fields of its own profile, and the malicious paylo...
Liferay Liferay Portal 7.1.3
Liferay Liferay Portal 7.2.1
4.3
CVSSv2
CVE-2020-15841
Liferay Portal prior to 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote malicious users to obtain the LDAP server's password via the Test LDAP Connection...
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
4.3
CVSSv2
CVE-2019-16147
Liferay Portal up to and including 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib.
Liferay Liferay Portal 7.2.0
Liferay Liferay Portal
4.3
CVSSv2
CVE-2017-1000425
Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote malicious users to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter.
Liferay Liferay Portal
4.3
CVSSv2
CVE-2017-17868
In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag.
Liferay Liferay Portal 6.1.0
4.3
CVSSv2
CVE-2017-12646
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a login name, password, or e-mail address.
Liferay Liferay Portal
4.3
CVSSv2
CVE-2017-12648
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a bookmark URL.
Liferay Liferay Portal
4.3
CVSSv2
CVE-2016-10404
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.
Liferay Liferay Portal
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »