Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay liferay portal vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-12646
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a login name, password, or e-mail address.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2017-12647
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a Knowledge Base article title.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2017-12648
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a bookmark URL.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2017-12649
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display.
Liferay Liferay Portal
9.8
CVSSv3
CVE-2020-7961
Deserialization of Untrusted Data in Liferay Portal before 7.2.1 CE GA2 allows remote malicious users to execute arbitrary code via JSON web services (JSONWS).
Liferay Liferay Portal
13 Github repositories
NA
CVE-2009-3742
Cross-site scripting (XSS) vulnerability in Liferay Portal prior to 5.3.0 allows remote malicious users to inject arbitrary web script or HTML via the p_p_id parameter.
Liferay Liferay Portal
7.5
CVSSv3
CVE-2022-28981
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 up to and including 7.4.2 allows remote malicious users to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2016-10404
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2017-1000425
Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote malicious users to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter.
Liferay Liferay Portal
NA
CVE-2014-8349
Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and previous versions allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file.
Liferay Liferay Portal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »