Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2017-12646
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a login name, password, or e-mail address.
Liferay Liferay Portal
4.3
CVSSv2
CVE-2017-12645
XSS exists in Liferay Portal prior to 7.0 CE GA4 via an invalid portletId.
Liferay Liferay Portal
4.3
CVSSv2
CVE-2017-12647
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a Knowledge Base article title.
Liferay Liferay Portal
4.3
CVSSv2
CVE-2017-12648
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a bookmark URL.
Liferay Liferay Portal
4.3
CVSSv2
CVE-2017-12649
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display.
Liferay Liferay Portal
4.3
CVSSv2
CVE-2016-3670
Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay prior to 7.0.0 CE RC1 allows remote malicious users to inject arbitrary web script or HTML via the FirstName field.
Liferay Liferay Portal
1 EDB exploit
4.3
CVSSv2
CVE-2014-2963
Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote malicious users to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter.
Liferay Liferay Portal 6.1.2 Ce Ga3
Liferay Liferay Portal 6.2.x Ee
Liferay Liferay Portal 6.1.x Ee
4.3
CVSSv2
CVE-2009-3742
Cross-site scripting (XSS) vulnerability in Liferay Portal prior to 5.3.0 allows remote malicious users to inject arbitrary web script or HTML via the p_p_id parameter.
Liferay Liferay Portal
4.3
CVSSv2
CVE-2009-1294
Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote malicious users to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters.
Novell Teaming 1.0
Novell Teaming 1.0.2
Novell Teaming 1.0.3
Novell Teaming 1.0.1
Liferay Liferay Enterprise Portal 4.3.0
1 EDB exploit
4.3
CVSSv2
CVE-2008-0563
Cross-site request forgery (CSRF) vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote malicious users to perform unspecified actions as unspecified authenticated users via the User-Agent HTTP header, which is used when composing Forgot Pa...
Liferay Liferay Enterprise Portal 4.3.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »