Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay portal vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-33321
Insecure default configuration in Liferay Portal 6.2.3 up to and including 7.3.2, and Liferay DXP prior to 7.3, allows remote malicious users to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulte...
Liferay Dxp
Liferay Liferay Portal
5.4
CVSSv3
CVE-2021-38269
Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 up to and including 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote malicious users to inject arbitrary web script or...
Liferay Liferay Portal 7.4.0
Liferay Liferay Portal
Liferay Digital Experience Platform 7.2
Liferay Digital Experience Platform 7.1
Liferay Digital Experience Platform 7.3
5.4
CVSSv3
CVE-2020-7934
In LifeRay Portal CE 7.1.0 up to and including 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in...
Liferay Liferay Portal
1 Github repository
9.8
CVSSv3
CVE-2020-7961
Deserialization of Untrusted Data in Liferay Portal before 7.2.1 CE GA2 allows remote malicious users to execute arbitrary code via JSON web services (JSONWS).
Liferay Liferay Portal
13 Github repositories
6.1
CVSSv3
CVE-2016-3670
Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay prior to 7.0.0 CE RC1 allows remote malicious users to inject arbitrary web script or HTML via the FirstName field.
Liferay Liferay Portal
1 EDB exploit
NA
CVE-2011-1502
Liferay Portal Community Edition (CE) 6.x prior to 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue.
Liferay Liferay Portal
8.8
CVSSv3
CVE-2018-10795
Liferay 6.2.x and before has an FCKeditor configuration that allows an malicious user to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or html/js/editor/fckeditor/edit...
Liferay Liferay Portal
8.8
CVSSv3
CVE-2010-5327
Liferay Portal up to and including 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template.
Liferay Liferay Portal
NA
CVE-2009-3742
Cross-site scripting (XSS) vulnerability in Liferay Portal prior to 5.3.0 allows remote malicious users to inject arbitrary web script or HTML via the p_p_id parameter.
Liferay Liferay Portal
5.4
CVSSv3
CVE-2022-42115
Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 up to and including 7.4.3.36 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into the object field's `L...
Liferay Liferay Portal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »