Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / Vendors / liferay

liferay

340 tracked vulnerabilities.

CVE-2020-15841 HIGH

Liferay Portal <7.3.0 & Liferay DXP <7.0-7.2 - Info Disclosure

CVE-2020-13445 HIGH

Liferay Portal <7.3.2 & DXP 7.0-7.2 - RCE

CVE-2020-13444 MEDIUM

Liferay Portal/DXP <7.3.2/7.0-7.1-7.2 - Info Disclosure

CVE-2020-7961 CRITICAL KEVNUCLEI

Liferay Portal <7.2.1 CE GA2 - Code Injection

CVE-2020-7934 MEDIUM

Liferay Portal 7.1.0-7.2.1 GA2 - Stored Cross-Site Scripting in User Account Name Fields

CVE-2019-16891 CRITICAL

Liferay Portal CE 6.2.5 - Code Injection

CVE-2019-16147 MEDIUM

Liferay Portal < 7.2.0 - Cross-Site Scripting via Journal Article Title

CVE-2019-6588 MEDIUM

Liferay Portal < 7.1 CE GA4 - Cross-Site Scripting via SimpleCaptcha URL Parameter

CVE-2019-11444 HIGH

Liferay Portal CE 7.1.2 GA3 - Command Injection

CVE-2018-10795 HIGH

Liferay Portal < 6.2.5 - Authenticated Unrestricted Upload of File with Dangerous Type via FCKeditor Configuration

CVE-2017-1000425 MEDIUM

Liferay Portal < 7.0.3_ga4 - Cross-Site Scripting via Flash.jsp Movie Parameter

CVE-2017-17868 MEDIUM

Liferay Portal 6.1.0 - Cross-Site Scripting via Public Render Parameter

CVE-2017-12649 MEDIUM

Liferay Portal < 7.0 - Cross-Site Scripting via Web Content Display Title or Summary

CVE-2017-12648 MEDIUM

Liferay Portal < 7.0 - Cross-Site Scripting via Bookmark URL

CVE-2017-12647 MEDIUM

Liferay Portal < 7.0 - Cross-Site Scripting via Knowledge Base Article Title

CVE-2017-12646 MEDIUM

Liferay Portal < 7.0 - Cross-Site Scripting via Login Name, Password, or Email Address

CVE-2017-12645 MEDIUM

Liferay Portal < 7.0 - Cross-Site Scripting via Invalid PortletId

CVE-2016-10404 MEDIUM

Liferay Portal < 7.0 - Cross-Site Scripting via Redirect Field in init.jsp

CVE-2016-6517 CRITICAL

Liferay 5.1.0 - Path Traversal via minifierBundleDir Parameter

CVE-2016-3670 MEDIUM

Liferay Portal < 6.2 - Stored Cross-Site Scripting via Profile Search FirstName Field

Liferay Portal < 6.2 - Authenticated Cross-Site Scripting via Comment Field

Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE - Stored Cross-Site Scripting via User Name Parameters

Liferay Portal 5.1.0-5.1.1 and 5.0.0-6.0.5 - Remote Code Execution in XSL Content Portlet

Liferay Portal 6.0.0-6.0.5 - Authenticated Cross-Site Scripting via Message Title

Liferay Portal 5.x and 6.x < 6.0.6 GA - Authenticated Cross-Site Scripting via Blog Title

Previous Page 13 of 14 Next

Products

liferay_portal 319 digital_experience_platform 264 dxp 39 liferay_enterprise_portal 9 DXP 2 Portal 2 portal 2 liferay 1 liferay_portal_enterprise 1

Quick Filters

Critical CVEs With Exploits In CISA KEV

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy