Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay dxp 7.4 vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2022-42130
The Dynamic Data Mapping module in Liferay Portal 7.1.0 up to and including 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 19, 7.3 before update 4, and 7.4 GA does not properly check permission of form entries, which allows remote authenticated users to view...
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
5.9
CVSSv3
CVE-2022-42132
The Test LDAP Users functionality in Liferay Portal 7.0.0 up to and including 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and previous versions, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when pag...
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.0
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
5.4
CVSSv3
CVE-2023-33939
Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 up to and including 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote malicious users to inject arbitra...
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
5.4
CVSSv3
CVE-2023-42628
Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 up to and including 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and previous versions, 7.2 fix pack 20 and previous versions, 7.3 update 33 and previous versions,...
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.0
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
5.3
CVSSv3
CVE-2022-25146
The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing malicious users to exfiltrate the CSRF token via a crafte...
Liferay Liferay Portal
Liferay Digital Experience Platform
NA
CVE-2022-45320
Liferay Portal prior to 7.4.3.16 and Liferay DXP prior to 7.2 fix pack 19, 7.3 before update 6, and 7.4 before update 16 allow remote authenticated users to become the owner of a wiki page by editing the wiki page.
NA
CVE-2023-5190
Open redirect vulnerability in the Countries Management’s edit region page in Liferay Portal 7.4.3.45 up to and including 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 45 through 92 allows remote malicious users to redirect users to arbitrary external UR...
NA
CVE-2024-26270
The Account Settings page in Liferay Portal 7.4.3.76 up to and including 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user’s hashed password in the page’s HTML source, which allows man-in-the-middle malicious users to steal...
NA
CVE-2023-42498
Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 up to and including 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote malicious users to inject arbitrary web script or HTML...
NA
CVE-2024-26268
User enumeration vulnerability in Liferay Portal 7.2.0 up to and including 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote malicious users to determine if an ...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »