Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay dxp 7.4 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-25145
Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 up to and including 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older u...
Liferay Dxp 7.2
Liferay Dxp 7.3
Liferay Dxp 7.4
Liferay Dxp
Liferay Liferay Portal
NA
CVE-2023-42627
Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 up to and including 7.4.3.91, and Liferay DXP 7.3 update 33 and previous versions, and 7.4 before update 92 allow remote malicious users to inject arbitrary web script or HTM...
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-42628
Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 up to and including 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and previous versions, 7.2 fix pack 20 and previous versions, 7.3 update 33 and previous versions,...
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.0
Liferay Digital Experience Platform 7.3
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-44310
Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 up to and including 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote malicious users to inject arbitrary web script or HTML via a crafted paylo...
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-44311
Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 up to and including 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89 allow remote malicious users to...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-42629
Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 up to and including 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into a Voca...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-44309
Multiple stored cross-site scripting (XSS) vulnerabilities in the fragment components in Liferay Portal 7.4.2 up to and including 7.4.3.53, and Liferay DXP 7.4 before update 54 allow remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-42497
Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 up to and including 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote malicious users to inject arbitrary web script or HTML via the `_com_liferay_translatio...
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-3426
The organization selector in Liferay Portal 7.4.3.81 up to and including 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations.
Liferay Digital Experience Platform 7.4
Liferay Liferay Portal
NA
CVE-2023-35030
Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 up to and including 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote malicious users to execute arbitrary code in the scripting console via the...
Liferay Dxp 7.4
Liferay Liferay Portal
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »