liferay

340 tracked vulnerabilities.

CVE-2022-25146 MEDIUM
Liferay Portal 7.4.3.4-7.4.3.8 and DXP < 7.4.13.u5 - CSRF Token Exfiltration via Remote App Event Message
Mar 03, 2022
CVSS 5.3
EPSS 0.00
CVE-2021-29038 MEDIUM
Liferay Portal 7.2.0-7.3.5 and Liferay DXP < 7.3 FP1 - Password Reminder Answer Exposure
Feb 20, 2024
CVSS 6.3
EPSS 0.00
CVE-2021-33990 CRITICAL
Liferay Portal 6.2.5 - OS Command Injection via File Upload Request
Apr 16, 2023
CVSS 9.8
EPSS 0.61
CVE-2021-38269 MEDIUM
Liferay Portal 7.1.0-7.3.6 and 7.4.0 - Stored Cross-Site Scripting via Gogo Shell Command Output
Mar 03, 2022
CVSS 5.4
EPSS 0.00
CVE-2021-38267 MEDIUM
Liferay Portal 7.3.2-7.3.6 & DXP 7.3 < FP2 - Stored XSS via Blog Entry Title/Subtitle
Mar 03, 2022
CVSS 5.4
EPSS 0.00
CVE-2021-38265 MEDIUM
Liferay Portal 7.3.4-7.3.6 - Stored Cross-Site Scripting via Asset List Portlet Title Parameter
Mar 03, 2022
CVSS 5.4
EPSS 0.00
CVE-2021-38264 MEDIUM
Liferay Portal 7.4.0-7.4.1 - Reflected Cross-Site Scripting via Keywords Parameter
Mar 03, 2022
CVSS 6.1
EPSS 0.00
CVE-2021-38263 MEDIUM
Liferay Portal <7.3.2 - Liferay DXP <7.0-7.2 - XSS
Mar 03, 2022
CVSS 6.1
EPSS 0.01
CVE-2021-38266 HIGH
Liferay Portal <7.2.1 - Auth Bypass
Mar 02, 2022
CVSS 7.5
EPSS 0.02
CVE-2021-38268 MEDIUM
Liferay Portal/DXP <7.4 - Privilege Escalation
Mar 02, 2022
CVSS 6.5
EPSS 0.00
CVE-2021-35463 MEDIUM
Liferay Portal 7.4.0 - Cross-Site Scripting via Management Toolbar Search Keywords Parameter
Aug 04, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-33338 HIGH
Liferay Portal/DXP <7.3.2-7.2 - CSRF
Aug 04, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-33337 MEDIUM
Liferay Portal/DXP <7.3.4-7.2.9 - XSS
Aug 04, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-33339 MEDIUM
Liferay Portal 7.2.1-7.3.4 and DXP 7.2.0-7.2.9 - Cross-Site Scripting via Site Admin Portlet Name Parameter
Aug 04, 2021
CVSS 4.8
EPSS 0.00
CVE-2021-33336 MEDIUM
Liferay DXP 7.1 FP18, 7.2 FP5-7, 7.3.0-7.3.3 - Stored XSS via Journal Article Name
Aug 04, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-33335 HIGH
Liferay Portal/DXP - Privilege Escalation
Aug 03, 2021
CVSS 7.2
EPSS 0.01
CVE-2021-33334 MEDIUM
Liferay Portal/DXP <7.3.2/7.0 - Info Disclosure
Aug 03, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-33333 MEDIUM
Liferay Portal <7.3.2 & DXP <7.0-7.2 - Privilege Escalation
Aug 03, 2021
CVSS 6.3
EPSS 0.00
CVE-2021-33332 MEDIUM
Liferay Portal/DXP <7.3.2-7.2 - XSS
Aug 03, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-33331 MEDIUM
Liferay Portal/DXP <7.3.1/7.0 - Open Redirect
Aug 03, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-33330 MEDIUM
Liferay Portal/DXP <7.3.2 - Info Disclosure
Aug 03, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-33328 MEDIUM
Liferay Digital Experience Platform 7.0.0-7.3.4 - Cross-Site Scripting via Asset Module Vocabulary Parameters
Aug 03, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-33327 MEDIUM
Liferay Portal <7.3.4 - Privilege Escalation
Aug 03, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-33326 MEDIUM
Liferay Portal <7.3.4 & Liferay DXP <7.0-7.2 - XSS
Aug 03, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-33325 MEDIUM
Liferay Portal <7.3.2 - Info Disclosure
Aug 03, 2021
CVSS 4.9
EPSS 0.00
Products
liferay_portal 319 digital_experience_platform 264 dxp 39 liferay_enterprise_portal 9 DXP 2 Portal 2 portal 2 liferay 1 liferay_portal_enterprise 1
Quick Filters
Critical CVEs With Exploits In CISA KEV