Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay portal vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2021-38267
Cross-site scripting (XSS) vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 up to and including 7.3.6, and Liferay DXP 7.3 before fix pack 2 allows remote malicious users to inject arbitrary web script or HTML via the _com_liferay_blogs_web_po...
Liferay Liferay Portal
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform
312
VMScore
CVE-2021-33339
Cross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 up to and including 7.3.4, and Liferay DXP 7.2 before fix pack 9 allows remote malicious users to inject arbitrary web script or HTML via the _com_liferay_site_admin_web_portlet_SiteAdminPortl...
Liferay Dxp 7.2
Liferay Liferay Portal
312
VMScore
CVE-2021-33336
Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 up to and including 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack 5 through 7, allows remote malicious users to inject arbitrary web script or HTML via the _c...
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
312
VMScore
CVE-2021-33328
Cross-site scripting (XSS) vulnerability in the Asset module's edit vocabulary page in Liferay Portal 7.0.0 up to and including 7.3.4, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote malicious users to inject arbitrary...
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
312
VMScore
CVE-2020-7934
In LifeRay Portal CE 7.1.0 up to and including 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in...
Liferay Liferay Portal
1 Github repository
312
VMScore
CVE-2014-8349
Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and previous versions allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file.
Liferay Liferay Portal
312
VMScore
CVE-2011-1503
The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x prior to 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL.
Liferay Liferay Portal
312
VMScore
CVE-2011-1570
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x prior to 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.
Liferay Liferay Portal
312
VMScore
CVE-2011-1504
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x prior to 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title.
Liferay Portal 5.2.1
Liferay Portal 5.1.0
Liferay Portal 5.1.2
Liferay Portal 6.0.4
Liferay Portal 6.0.5
Liferay Portal 5.1.1
Liferay Portal 6.0.0
Liferay Portal 6.0.2
Liferay Portal 6.0.1
Liferay Portal 5.2.2
Liferay Portal 5.2.3
Liferay Portal 5.2.0
Liferay Portal 5.0.0
Liferay Portal 5.0.1
Liferay Portal 6.0.3
265
VMScore
CVE-2019-6588
In Liferay Portal prior to 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha url="<%= url %>" /> or <liferay-captcha:cap...
Liferay Liferay Portal 7.1.0
Liferay Liferay Portal 7.0.4
Liferay Liferay Portal 7.0.3
Liferay Liferay Portal 7.0.0
Liferay Liferay Portal 6.2.4
Liferay Liferay Portal 6.2.3
Liferay Liferay Portal 6.2.2
Liferay Liferay Portal 6.2.0
Liferay Liferay Portal 6.1.0
Liferay Liferay Portal
Liferay Liferay Portal 7.0.6
Liferay Liferay Portal 7.0.5
Liferay Liferay Portal 6.2.5
Liferay Liferay Portal 7.0.2
Liferay Liferay Portal 7.0.1
Liferay Liferay Portal 6.2.1
Liferay Liferay Portal 6.1.2
Liferay Liferay Portal 6.1.1
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
firewall
CVE-2024-35649
stored XSS
CVE-2022-28654
CVE-2020-35153
CVE-2024-27348
CVE-2022-28652
local users
CVE-2017-3506
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »