Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
liferay portal vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-1571
Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x prior to 6.0.6 GA, when Apache Tomcat is used, allows remote malicious users to execute arbitrary commands via unknown vectors.
Liferay Liferay Portal
1 EDB exploit
1 Github repository
5.3
CVSSv3
CVE-2022-41414
An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows malicious users to enumerate usernames, site names, and pages.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2017-12646
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a login name, password, or e-mail address.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2017-12647
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a Knowledge Base article title.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2017-12648
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a bookmark URL.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2017-12649
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display.
Liferay Liferay Portal
NA
CVE-2014-8349
Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and previous versions allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file.
Liferay Liferay Portal
7.5
CVSSv3
CVE-2020-24554
The redirect module in Liferay Portal prior to 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote malicious users to perform a denial of service attack by making repeated requests for pages that do not exist.
Liferay Liferay Portal
6.1
CVSSv3
CVE-2016-10404
XSS exists in Liferay Portal prior to 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.
Liferay Liferay Portal
7.5
CVSSv3
CVE-2022-28981
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 up to and including 7.4.2 allows remote malicious users to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter.
Liferay Liferay Portal
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »