Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay liferay portal 7.2 vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2021-33339
Cross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 up to and including 7.3.4, and Liferay DXP 7.2 before fix pack 9 allows remote malicious users to inject arbitrary web script or HTML via the _com_liferay_site_admin_web_portlet_SiteAdminPortl...
Liferay Dxp 7.2
Liferay Liferay Portal
4.3
CVSSv3
CVE-2022-42130
The Dynamic Data Mapping module in Liferay Portal 7.1.0 up to and including 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view...
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
4.3
CVSSv3
CVE-2022-26595
Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment U...
Liferay Liferay Portal 7.4.0
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.3
Liferay Liferay Portal 7.4.1
Liferay Liferay Portal 7.3.7
4.3
CVSSv3
CVE-2021-33334
The Dynamic Data Mapping module in Liferay Portal 7.0.0 up to and including 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Sit...
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
4.3
CVSSv3
CVE-2021-33320
The Flags module in Liferay Portal 7.3.1 and previous versions, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 5, does not limit the rate at which content can be flagged as inappropriate, which allows remote authenticated users to spam the...
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
4.3
CVSSv3
CVE-2021-33324
The Layout module in Liferay Portal 7.1.0 up to and including 7.3.1, and Liferay DXP 7.1 before fix pack 20, and 7.2 before fix pack 5, does not properly check permission of pages, which allows remote authenticated users without view permission of a page to view the page via a si...
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
4.3
CVSSv3
CVE-2021-33327
The Portlet Configuration module in Liferay Portal 7.2.0 up to and including 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User...
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
4.3
CVSSv3
CVE-2021-33330
Liferay Portal 7.2.0 up to and including 7.3.2, and Liferay DXP 7.2 before fix pack 9, allows access to Cross-origin resource sharing (CORS) protected resources if the user is only authenticated using the portal session authentication, which allows remote malicious users to obtai...
Liferay Dxp 7.2
Liferay Liferay Portal
NA
CVE-2024-25151
The Calendar module in Liferay Portal 7.2.0 up to and including 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, ...
NA
CVE-2024-25603
Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 up to and including 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versio...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-coded
CVE-2024-27202
NULL pointer dereference
CVE-2024-28075
CVE-2024-33608
CVE-2024-28889
CVE-2024-34572
template injection
CVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »