Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay dxp 7.4 vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2022-42128
The Hypermedia REST APIs module in Liferay Portal 7.4.1 up to and including 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote malicious users to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
9.8
CVSSv3
CVE-2022-42120
A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 up to and including 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows malicious users to execute arbitrary SQL commands via a PortletPreferences' `namespace` attribute.
Liferay Dxp 7.3
Liferay Liferay Portal
Liferay Dxp 7.4
7.5
CVSSv3
CVE-2022-42125
Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 up to and including 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows malicious users to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
5.4
CVSSv3
CVE-2022-38901
A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote malicious users to inject arbitrary JS script or HTML into the description field of uploaded svg file.
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Liferay Portal
Liferay Dxp
5.4
CVSSv3
CVE-2022-42112
A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 up to and including 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote malicious users to inject arbitr...
Liferay Dxp 7.2
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Dxp
Liferay Liferay Portal
6.1
CVSSv3
CVE-2022-42116
A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 up to and including 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote malicious users to inject arbitrary web scri...
Liferay Dxp
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Liferay Portal
6.1
CVSSv3
CVE-2022-42113
A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 up to and including 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote malicious users to inject arbitrary web script or HTML via the `redirect` parameter.
Liferay Dxp 7.4
Liferay Liferay Portal
5.4
CVSSv3
CVE-2022-42114
A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 up to and including 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote malicious users to inject arbitrary web script or HTML.
Liferay Dxp 7.4
Liferay Dxp
Liferay Liferay Portal
6.1
CVSSv3
CVE-2022-42117
A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 up to and including 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote malicious users to inject arbitrary web script or HTML.
Liferay Dxp
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Liferay Portal
6.1
CVSSv3
CVE-2022-28980
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows malicious users to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.
Liferay Liferay Portal
Liferay Dxp 7.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »