Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay dxp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-38512
The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing malicious users to download a web content page's XLIFF translatio...
Liferay Liferay Portal
Liferay Dxp 7.4
NA
CVE-2023-3193
Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 up to and including 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote malicious users to inject arbitrary web script or HTML via the `_com_liferay_layo...
Liferay Dxp 7.4
Liferay Liferay Portal
4.3
CVSSv2
CVE-2021-33330
Liferay Portal 7.2.0 up to and including 7.3.2, and Liferay DXP 7.2 before fix pack 9, allows access to Cross-origin resource sharing (CORS) protected resources if the user is only authenticated using the portal session authentication, which allows remote malicious users to obtai...
Liferay Dxp 7.2
Liferay Liferay Portal
NA
CVE-2022-42113
A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 up to and including 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote malicious users to inject arbitrary web script or HTML via the `redirect` parameter.
Liferay Dxp 7.4
Liferay Liferay Portal
NA
CVE-2022-42119
Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 up to and including 7.4.2 and Liferay DXP 7.3 before update 8.
Liferay Liferay Portal
Liferay Dxp 7.3
3.5
CVSSv2
CVE-2021-33339
Cross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 up to and including 7.3.4, and Liferay DXP 7.2 before fix pack 9 allows remote malicious users to inject arbitrary web script or HTML via the _com_liferay_site_admin_web_portlet_SiteAdminPortl...
Liferay Dxp 7.2
Liferay Liferay Portal
NA
CVE-2023-35030
Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 up to and including 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote malicious users to execute arbitrary code in the scripting console via the...
Liferay Dxp 7.4
Liferay Liferay Portal
4
CVSSv2
CVE-2021-29052
The Data Engine module in Liferay Portal 7.3.0 up to and including 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStruc...
Liferay Dxp 7.3
Liferay Liferay Portal
NA
CVE-2023-35029
Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 up to and including 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote malicious users to redirect users to arbitrary external URLs via the `_com_liferay_layout_admi...
Liferay Dxp 7.4
Liferay Liferay Portal
4.3
CVSSv2
CVE-2021-29046
Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote malicious users to inject arbitrary web script or HTML via the _com_liferay_asset_categories_admin_web_po...
Liferay Dxp 7.3
Liferay Liferay Portal 7.3.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »