liferay

340 tracked vulnerabilities.

CVE-2022-42118 MEDIUM NUCLEI
Liferay Portal 7.1.0-7.4.2 and DXP - Cross-Site Scripting via Portal Search Tag Parameter
Nov 15, 2022
CVSS 6.1
EPSS 0.13
CVE-2022-42111 MEDIUM
Liferay Portal 7.2.1-7.4.2 and DXP 7.2-7.3 - Cross-Site Scripting in Sharing Module User Notification
Nov 15, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-42110 MEDIUM
Liferay Portal 7.1.0-7.4.2 and DXP - Cross-Site Scripting in Announcements Module
Nov 15, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-38901 MEDIUM
Liferay Digital Experience Platform 7.3.10 SP3 - XSS
Oct 19, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-42117 MEDIUM
Liferay DXP < 7.3 and 7.3.2-7.4.3.16 - Cross-Site Scripting in Frontend Taglib Module
Oct 18, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-42116 MEDIUM
Liferay DXP < 7.3 and 7.3.2-7.4.3.14 - Cross-Site Scripting via Frontend Editor CKEditor Name or Namespace Parameter
Oct 18, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-42115 MEDIUM
Liferay Portal 7.4.3.4-7.4.3.36 - Stored Cross-Site Scripting in Object Module Label Field
Oct 18, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-42114 MEDIUM
Liferay DXP < 7.4 and Portal 7.4.0-7.4.3.36 - Cross-Site Scripting in Role Module Edit Assignees Page
Oct 18, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-42113 MEDIUM
Liferay DXP 7.4.3.30-7.4.3.36 - Cross-Site Scripting via Document Library Redirect Parameter
Oct 18, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-42112 MEDIUM
Liferay Digital Experience Platform < 7.2 - Cross-Site Scripting in Portal Search Sort Widget
Oct 18, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-38902 MEDIUM
Liferay Digital Experience Platform 7.3.10 SP3 - XSS
Oct 13, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-41414 MEDIUM
Liferay Portal <7.4.2 - Info Disclosure
Oct 07, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-38512 MEDIUM
Liferay Portal/DXP <7.4.3.37 - Info Disclosure
Sep 22, 2022
CVSS 6.5
EPSS 0.00
CVE-2022-28981 HIGH
Liferay Portal <7.4.3 - Path Traversal
Sep 22, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-28980 MEDIUM
Liferay DXP and Portal < 7.4.3.5 - Cross-Site Scripting via filter_ Parameters
Sep 22, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-28977 MEDIUM
Liferay Portal 7.3.1-7.4.2 & DXP - Open Redirect
Sep 22, 2022
CVSS 6.1
EPSS 0.01
CVE-2022-39975 MEDIUM
Liferay DXP 7.3-7.4 and Liferay Portal 7.3.3-7.4.3.34 - Unauthenticated Information Disclosure via Content Page Preview
Sep 22, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-28982 MEDIUM
Liferay DXP 7.3.3-7.4.2 and Liferay Portal 7.3.3-7.4.2 - Stored Cross-Site Scripting via Asset Tag Name
Sep 22, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-28979 MEDIUM
Liferay Portal/DXP <7.4.2, 7.3 - XSS
Sep 22, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-28978 MEDIUM
Liferay Portal/DXP <7.4.1-7.3 - XSS
Sep 22, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-26597 MEDIUM
Liferay Portal 7.3.0-7.4.0 & DXP <7.3.10.fp3 XSS via Site Name in Layout Module
Apr 25, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-26596 MEDIUM
Liferay Portal/DXP <7.3.3/7.0 FP94, 7.1 FP19, 7.2 FP8 - XSS
Apr 25, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-26595 MEDIUM
Liferay Portal/DXP - Info Disclosure
Apr 19, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-26593 MEDIUM
Liferay Portal 7.3.3-7.4.0 and DXP < 7.3.3 SP3 - Stored Cross-Site Scripting in Asset Categories Selector
Apr 19, 2022
CVSS 5.4
EPSS 0.00
CVE-2022-26594 MEDIUM
Liferay Portal 7.3.5-7.4.0 and DXP < 7.3.10.fp3 - Stored Cross-Site Scripting via Form Field Help Text
Apr 15, 2022
CVSS 6.1
EPSS 0.00
Products
liferay_portal 319 digital_experience_platform 264 dxp 39 liferay_enterprise_portal 9 DXP 2 Portal 2 portal 2 liferay 1 liferay_portal_enterprise 1
Quick Filters
Critical CVEs With Exploits In CISA KEV