Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-42118
A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 up to and including 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote malicious users to inject arbitrary web script or ...
Liferay Liferay Portal
Liferay Dxp 7.2
Liferay Dxp 7.1
Liferay Dxp 7.3
NA
CVE-2022-42119
Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 up to and including 7.4.2 and Liferay DXP 7.3 before update 8.
Liferay Liferay Portal
Liferay Dxp 7.3
NA
CVE-2022-42120
A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 up to and including 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows malicious users to execute arbitrary SQL commands via a PortletPreferences' `namespace` attribute.
Liferay Dxp 7.3
Liferay Liferay Portal
Liferay Dxp 7.4
NA
CVE-2022-42121
A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 up to and including 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated malicious users to execute arbitrary SQL comma...
Liferay Liferay Portal
Liferay Dxp 7.2
Liferay Dxp 7.1
Liferay Dxp 7.3
Liferay Dxp 7.4
NA
CVE-2022-42122
A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows malicious users to execute arbitrary SQL commands via a crafted payload injected into the `title` field of a friendly URL.
Liferay Liferay Portal 7.3.7
Liferay Dxp 7.3
NA
CVE-2022-42125
Zip slip vulnerability in FileUtil.unzip in Liferay Portal 7.4.3.5 up to and including 7.4.3.35 and Liferay DXP 7.4 update 1 through update 34 allows malicious users to create or overwrite existing files on the filesystem via the deployment of a malicious plugin/module.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2022-42126
The Asset Libraries module in Liferay Portal 7.3.5 up to and including 7.4.3.28, and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29 does not properly check permissions of asset libraries, which allows remote authenticated users to view asset libraries via the UI.
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2022-42127
The Friendly Url module in Liferay Portal 7.4.3.5 up to and including 7.4.3.36, and Liferay DXP 7.4 update 1 though 36 does not properly check user permissions, which allows remote malicious users to obtain the history of all friendly URLs that was assigned to a page.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2022-42128
The Hypermedia REST APIs module in Liferay Portal 7.4.1 up to and including 7.4.3.4, and Liferay DXP 7.4 GA does not properly check permissions, which allows remote malicious users to obtain a WikiNode object via the WikiNodeResource.getSiteWikiNodeByExternalReferenceCode API.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2022-42110
A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 up to and including 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote malicious users to inject arbitrary web script or ...
Liferay Liferay Portal
Liferay Dxp 7.2
Liferay Dxp 7.1
Liferay Dxp 7.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
CVE-2024-20360
CVE-2021-47559
XXE
CVE-2024-5229
CVE-2021-47543
CVE-2021-47571
SSTI
CVE-2024-4978
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »