Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2021-33323
The Dynamic Data Mapping module in Liferay Portal 7.1.0 up to and including 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote malicious users to view the autosaved values by viewing the f...
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
445
VMScore
CVE-2021-33321
Insecure default configuration in Liferay Portal 6.2.3 up to and including 7.3.2, and Liferay DXP prior to 7.3, allows remote malicious users to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulte...
Liferay Dxp
Liferay Liferay Portal
445
VMScore
CVE-2021-29047
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote malicious users to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTC...
Liferay Dxp
Liferay Dxp 7.3
Liferay Liferay Portal 7.3.4
Liferay Liferay Portal 7.3.5
445
VMScore
CVE-2021-29040
The JSON web services in Liferay Portal 7.3.4 and previous versions, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote malicious users to use the contents of error messages to h...
Liferay Dxp
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal
445
VMScore
CVE-2020-15840
In Liferay Portal prior to 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs.
Liferay Dxp 7.0
Liferay Dxp 7.1
Liferay Dxp 7.2
Liferay Liferay Portal 6.2
Liferay Liferay Portal
445
VMScore
CVE-2020-24554
The redirect module in Liferay Portal prior to 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote malicious users to perform a denial of service attack by making repeated requests for pages that do not exist.
Liferay Liferay Portal
435
VMScore
CVE-2016-3670
Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay prior to 7.0.0 CE RC1 allows remote malicious users to inject arbitrary web script or HTML via the FirstName field.
Liferay Liferay Portal
1 EDB exploit
435
VMScore
CVE-2009-1294
Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote malicious users to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters.
Novell Teaming 1.0
Novell Teaming 1.0.2
Novell Teaming 1.0.3
Novell Teaming 1.0.1
Liferay Liferay Enterprise Portal 4.3.0
1 EDB exploit
435
VMScore
CVE-2008-0178
Cross-site scripting (XSS) vulnerability in the Enterprise Admin Session Monitoring component in Liferay Portal 4.3.6 allows remote authenticated users to inject arbitrary web script or HTML via the User-Agent HTTP header.
Liferay Liferay Enterprise Portal 4.3.6
1 EDB exploit
435
VMScore
CVE-2007-6173
Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Enterprise Portal 4.3.1 allows remote malicious users to inject arbitrary web script or HTML via the emailAddress parameter in a Send New Password action, a different vector than CVE-2007-6055. NOTE: some of th...
Liferay Liferay Enterprise Portal 4.3.1
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »