Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay liferay portal vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-42121
A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 up to and including 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated malicious users to execute arbitrary SQL comma...
Liferay Liferay Portal
Liferay Dxp 7.2
Liferay Dxp 7.1
Liferay Dxp 7.3
Liferay Dxp 7.4
NA
CVE-2022-28977
HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 up to and including 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote ...
Liferay Dxp 7.2
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.3
Liferay Liferay Portal
NA
CVE-2022-28978
Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 up to and including 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 ...
Liferay Dxp 7.0
Liferay Dxp 7.2
Liferay Dxp 7.1
Liferay Dxp 7.3
Liferay Liferay Portal
383
VMScore
CVE-2021-29043
The Portal Store module in Liferay Portal 7.0.0 up to and including 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S3 store's proxy password, which allows malicious users to steal...
Liferay Dxp 7.0
Liferay Dxp 7.2
Liferay Dxp 7.1
Liferay Dxp 7.3
Liferay Liferay Portal
383
VMScore
CVE-2021-29044
Cross-site scripting (XSS) vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0 up to and including 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows re...
Liferay Dxp 7.0
Liferay Dxp 7.2
Liferay Dxp 7.1
Liferay Dxp 7.3
Liferay Liferay Portal
578
VMScore
CVE-2010-5327
Liferay Portal up to and including 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template.
Liferay Liferay Portal
445
VMScore
CVE-2020-24554
The redirect module in Liferay Portal prior to 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote malicious users to perform a denial of service attack by making repeated requests for pages that do not exist.
Liferay Liferay Portal
312
VMScore
CVE-2020-7934
In LifeRay Portal CE 7.1.0 up to and including 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in...
Liferay Liferay Portal
1 Github repository
NA
CVE-2022-42115
Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 up to and including 7.4.3.36 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into the object field's `L...
Liferay Liferay Portal
383
VMScore
CVE-2009-3742
Cross-site scripting (XSS) vulnerability in Liferay Portal prior to 5.3.0 allows remote malicious users to inject arbitrary web script or HTML via the p_p_id parameter.
Liferay Liferay Portal
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
remote code execution
CVE-2024-37080
CVE-2024-5182
CVE-2024-4390
CVE-2024-6100
brute force
CVE-2021-47581
file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »