Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2021-33321
Insecure default configuration in Liferay Portal 6.2.3 up to and including 7.3.2, and Liferay DXP prior to 7.3, allows remote malicious users to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulte...
Liferay Dxp
Liferay Liferay Portal
NA
CVE-2022-28980
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows malicious users to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.
Liferay Liferay Portal
Liferay Dxp 7.4
NA
CVE-2022-28982
A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a tag.
Liferay Dxp 7.3
Liferay Liferay Portal
4.3
CVSSv2
CVE-2021-29045
Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 up to and including 7.3.5, and Liferay DXP 7.3 before fix pack 1 allows remote malicious users to inject arbitrary web script or HTML via the _com_lifera...
Liferay Dxp 7.3
Liferay Liferay Portal
NA
CVE-2022-38902
A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote malicious users to inject arbitrary JS script or HTML into the name field of newly created topic.
Liferay Dxp 7.3
Liferay Liferay Portal
NA
CVE-2022-38512
The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing malicious users to download a web content page's XLIFF translatio...
Liferay Liferay Portal
Liferay Dxp 7.4
NA
CVE-2023-3193
Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 up to and including 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote malicious users to inject arbitrary web script or HTML via the `_com_liferay_layo...
Liferay Dxp 7.4
Liferay Liferay Portal
4.3
CVSSv2
CVE-2021-33330
Liferay Portal 7.2.0 up to and including 7.3.2, and Liferay DXP 7.2 before fix pack 9, allows access to Cross-origin resource sharing (CORS) protected resources if the user is only authenticated using the portal session authentication, which allows remote malicious users to obtai...
Liferay Dxp 7.2
Liferay Liferay Portal
NA
CVE-2022-42113
A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 up to and including 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote malicious users to inject arbitrary web script or HTML via the `redirect` parameter.
Liferay Dxp 7.4
Liferay Liferay Portal
NA
CVE-2022-42119
Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 up to and including 7.4.2 and Liferay DXP 7.3 before update 8.
Liferay Liferay Portal
Liferay Dxp 7.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »