Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay liferay portal vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2021-33334
The Dynamic Data Mapping module in Liferay Portal 7.0.0 up to and including 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Sit...
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
6.1
CVSSv3
CVE-2021-29051
Cross-site scripting (XSS) vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 up to and including 7.3.5, and Liferay DXP 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote malicious users to inject arbitrary we...
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Dxp 7.3
Liferay Liferay Portal
6.1
CVSSv3
CVE-2022-28979
Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 exists to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows malici...
Liferay Dxp 7.2
Liferay Dxp 7.1
Liferay Liferay Portal
Liferay Dxp 7.3
8.8
CVSSv3
CVE-2020-15841
Liferay Portal prior to 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote malicious users to obtain the LDAP server's password via the Test LDAP Connection...
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
8.1
CVSSv3
CVE-2020-15842
Liferay Portal prior to 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle malicious users to execute arbitrary code via crafted serialized payloads, because of insecure deserialization.
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
6.5
CVSSv3
CVE-2024-25144
The IFrame widget in Liferay Portal 7.2.0 up to and including 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote auth...
Liferay Dxp 7.2
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Liferay Portal
4.3
CVSSv3
CVE-2021-33320
The Flags module in Liferay Portal 7.3.1 and previous versions, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 5, does not limit the rate at which content can be flagged as inappropriate, which allows remote authenticated users to spam the...
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
6.1
CVSSv3
CVE-2021-33326
Cross-site scripting (XSS) vulnerability in the Frontend JS module in Liferay Portal 7.3.4 and previous versions, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20 and 7.2 before fix pack 9, allows remote malicious users to inject arbitrary web script or HTML via the...
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
6.3
CVSSv3
CVE-2021-33333
The Portal Workflow module in Liferay Portal 7.3.2 and previous versions, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submiss...
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
NA
CVE-2007-6055
Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote malicious users to inject arbitrary web script or HTML via the login parameter. NOTE: this issue reportedly exists because of a regression that followed a fix at an unspecif...
Liferay Portal 4.1.1
Liferay Portal 4.1.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »