liferay
340 tracked vulnerabilities.
CVE-2021-33324
MEDIUM
Liferay Portal/DXP - Privilege Escalation
Aug 03, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-33323
HIGH
Liferay Portal/DXP <7.3.2/7.1 - Info Disclosure
Aug 03, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-33322
HIGH
Liferay Portal <7.3.0 - Liferay DXP <7.2.5 - Info Disclosure
Aug 03, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-33321
HIGH
Liferay Portal <7.3 - Info Disclosure
Aug 03, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-33320
MEDIUM
Liferay Portal/DXP <7.3.1-7.2 - DoS
Aug 03, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-29049
MEDIUM
Liferay DXP 7.0-7.3 - Cross-Site Scripting via Portal Workflow Edit Process Page currentURL Parameter
Jun 09, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-29052
MEDIUM
Liferay DXP and Portal 7.3.0-7.3.5 - Authenticated Data Structure Exposure via Data Engine API
May 17, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-29051
MEDIUM
Liferay DXP 7.1-7.3.5 Cross-Site Scripting via Asset Publisher
May 17, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-29048
MEDIUM
Liferay Portal 7.3.4-7.3.5 and DXP < 7.2.10.fp11 - Cross-Site Scripting via GroupPagesPortlet Name Parameter
May 17, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-29053
HIGH
Liferay DXP 7.3.5 and 7.3 < 7.3.10.fp1 - Authenticated SQL Injection via classPKField Parameter
May 17, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-29046
MEDIUM
Liferay DXP 7.3.5 and 7.3 < fp1 - Cross-Site Scripting via Asset Category Selector Title Parameter
May 17, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-29045
MEDIUM
Liferay DXP & Portal 7.3.2-7.3.5 XSS via Redirect Portlet Destination URL
May 17, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-29044
MEDIUM
Liferay Portal 7.0.0-7.3.5 & DXP 7.0-7.3 - Stored XSS via Site Membership Request Comments
May 17, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-29043
MEDIUM
Liferay Digital Experience Platform < 7.3.5 - Insufficiently Protected Credentials
May 17, 2021
CVSS 5.9
EPSS 0.00
CVE-2021-29047
HIGH
Liferay Portal 7.3.4-7.3.5 and DXP < 7.3.10.fp1 - Improper Authentication via SimpleCaptcha Reuse
May 16, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-29041
MEDIUM
Liferay DXP < 7.3 - Authenticated Denial of Service via Multi-Factor Authentication TOTP Manipulation
May 16, 2021
CVSS 6.5
EPSS 0.01
CVE-2021-29040
MEDIUM
Liferay Digital Experience Platform < 7.0 and 7.3.4 - Information Disclosure via Verbose Error Messages
May 16, 2021
CVSS 5.3
EPSS 0.00
CVE-2021-29039
MEDIUM
Liferay Portal 7.3.4 - Stored Cross-Site Scripting in Asset Module Site Name
May 16, 2021
CVSS 6.1
EPSS 0.00
CVE-2020-28885
HIGH
Liferay Portal 7.2.0 GA1 and 7.3.5 GA6 - Authenticated OS Command Injection via Gogo Shell Module
Jan 28, 2022
CVSS 7.2
EPSS 0.01
CVE-2020-28884
HIGH
Liferay Portal 7.2.0 GA1 and 7.3.5 GA6 - Authenticated OS Command Injection via Groovy Script
Jan 28, 2022
CVSS 7.2
EPSS 0.04
CVE-2020-25476
MEDIUM
Liferay Portal 7.1.3 and 7.2.1 - Stored Cross-Site Scripting via User Profile Fields
Jan 07, 2021
CVSS 6.1
EPSS 0.00
CVE-2020-15840
MEDIUM
Liferay Portal <7.3.1 - Auth Bypass
Sep 24, 2020
CVSS 5.3
EPSS 0.00
CVE-2020-15839
MEDIUM
Liferay Portal < 7.3.3 and Liferay DXP 7.1-7.2 - Authenticated Denial of Service via Large File Upload
Sep 22, 2020
CVSS 6.5
EPSS 0.01
CVE-2020-24554
HIGH
Liferay Portal < 7.3.3 - Denial of Service via Redirect Module
Sep 01, 2020
CVSS 7.5
EPSS 0.01
CVE-2020-15842
HIGH
Liferay Portal < 7.3.0 and Liferay DXP 7.0-7.2 - Remote Code Execution via Insecure Deserialization
Jul 20, 2020
CVSS 8.1
EPSS 0.01