Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay liferay portal vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-8349
Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and previous versions allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file.
Liferay Liferay Portal
5.4
CVSSv3
CVE-2022-42115
Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 up to and including 7.4.3.36 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into the object field's `L...
Liferay Liferay Portal
7.5
CVSSv3
CVE-2020-24554
The redirect module in Liferay Portal prior to 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote malicious users to perform a denial of service attack by making repeated requests for pages that do not exist.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2017-1000425
Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote malicious users to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2016-3670
Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay prior to 7.0.0 CE RC1 allows remote malicious users to inject arbitrary web script or HTML via the FirstName field.
Liferay Liferay Portal
1 EDB exploit
5.3
CVSSv3
CVE-2022-41414
An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows malicious users to enumerate usernames, site names, and pages.
Liferay Liferay Portal
NA
CVE-2009-3742
Cross-site scripting (XSS) vulnerability in Liferay Portal prior to 5.3.0 allows remote malicious users to inject arbitrary web script or HTML via the p_p_id parameter.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2017-12647
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a Knowledge Base article title.
Liferay Liferay Portal
7.5
CVSSv3
CVE-2022-28981
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 up to and including 7.4.2 allows remote malicious users to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2023-47797
Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 up to and including 7.4.3.95 allows remote malicious users to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter.
Liferay Liferay Portal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »