Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-42118
A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 up to and including 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote malicious users to inject arbitrary web script or ...
Liferay Liferay Portal
Liferay Dxp 7.2
Liferay Dxp 7.1
Liferay Dxp 7.3
7.2
CVSSv3
CVE-2020-28884
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Sever. NOTE: The developer disputes this as a vulnerability since it is a feature for administr...
Liferay Liferay Portal 7.2
Liferay Liferay Portal 7.3.5
7.2
CVSSv3
CVE-2020-28885
Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Sever. NOTE: The developer disputes this as a vulnerability since it i...
Liferay Liferay Portal 7.2
Liferay Liferay Portal 7.3.5
6.1
CVSSv3
CVE-2021-38264
Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote malicious users to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter. This issue is caused by an incomplete fix...
Liferay Liferay Portal 7.4.0
Liferay Liferay Portal 7.4.1
6.1
CVSSv3
CVE-2020-25476
Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting (XSS) vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload on the username, lastname or surname fields of its own profile, and the malicious paylo...
Liferay Liferay Portal 7.1.3
Liferay Liferay Portal 7.2.1
5.4
CVSSv3
CVE-2022-42114
A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 up to and including 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote malicious users to inject arbitrary web script or HTML.
Liferay Dxp 7.4
Liferay Dxp
Liferay Liferay Portal
5.4
CVSSv3
CVE-2021-38269
Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 up to and including 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote malicious users to inject arbitrary web script or...
Liferay Liferay Portal 7.4.0
Liferay Liferay Portal
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.3
4.3
CVSSv3
CVE-2022-39975
The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing malicious users to view unpublished "Conte...
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Liferay Portal
7.5
CVSSv3
CVE-2021-33323
The Dynamic Data Mapping module in Liferay Portal 7.1.0 up to and including 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote malicious users to view the autosaved values by viewing the f...
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
6.1
CVSSv3
CVE-2021-33332
Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 up to and including 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote malicious users to inject arbitrary web script or HTML via the _com_lif...
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »