liferay

340 tracked vulnerabilities.

CVE-2024-25151 MEDIUM
Liferay Portal 7.2.0-7.4.2, Liferay DXP 7.3 - XSS
Feb 21, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-26269 CRITICAL
Liferay Portal 7.2.0-7.4.3.37 and DXP < 7.4 Update 38 - Cross-Site Scripting via URL Anchor
Feb 21, 2024
CVSS 9.6
EPSS 0.00
CVE-2024-26266 CRITICAL
Liferay Portal 7.2.0-7.4.3.13 & DXP <7.4U10 - Authenticated Stored XSS via Announcement Widget
Feb 21, 2024
CVSS 9.0
EPSS 0.00
CVE-2024-25603 CRITICAL
Liferay Portal 7.2.0-7.4.3.4 & DXP <7.4.13 - Authenticated Stored XSS via DDMForm instanceId
Feb 21, 2024
CVSS 9.0
EPSS 0.00
CVE-2024-25602 CRITICAL
Liferay Portal/DXP <7.4.2-SP3 - XSS
Feb 21, 2024
CVSS 9.0
EPSS 0.00
CVE-2024-25601 CRITICAL
Liferay Portal/DXP <7.4.2-SP3 - XSS
Feb 21, 2024
CVSS 9.0
EPSS 0.00
CVE-2024-25152 CRITICAL
Liferay Portal/DXP <7.4.2/7.3 - Authenticated XSS
Feb 21, 2024
CVSS 9.0
EPSS 0.00
CVE-2024-25147 CRITICAL
Liferay Portal/DXP <7.4.1-SP3 - XSS
Feb 21, 2024
CVSS 9.6
EPSS 0.00
CVE-2024-26270 MEDIUM
Liferay Portal/DXP - Info Disclosure
Feb 20, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-26268 MEDIUM
Liferay Portal 7.2.0-7.4.3.26 and DXP < 7.4 Update 27 - User Enumeration via Response Time Discrepancy
Feb 20, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-26267 MEDIUM
Liferay Portal <7.4.3.25, Liferay DXP <7.4 - Info Disclosure
Feb 20, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-26265 MEDIUM
Liferay Portal 7.2.0-7.4.3.15 & DXP <7.4 U16 - Authenticated Arbitrary File Upload
Feb 20, 2024
CVSS 5.0
EPSS 0.01
CVE-2024-25610 CRITICAL
Liferay Portal <7.4.3.12 & DXP <7.2 - XSS
Feb 20, 2024
CVSS 9.0
EPSS 0.00
CVE-2024-25609 MEDIUM
Liferay Portal 7.2.0-7.4.3.12 & DXP - Open Redirect
Feb 20, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-25608 MEDIUM NUCLEI
Liferay Portal - Open Redirect
Feb 20, 2024
CVSS 6.1
EPSS 0.18
CVE-2024-25607 HIGH
Liferay Portal/DXP - Info Disclosure
Feb 20, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-25606 HIGH
Liferay Portal <7.4.3.7 & DXP <7.4 - Info Disclosure
Feb 20, 2024
CVSS 8.0
EPSS 0.00
CVE-2024-25605 MEDIUM
Liferay Portal <7.4.3.4 - Info Disclosure
Feb 20, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-25604 MEDIUM
Liferay Portal <7.4.3.4 - Privilege Escalation
Feb 20, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-25150 MEDIUM
Liferay Portal/DXP - Info Disclosure
Feb 20, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-25149 MEDIUM
Liferay Digital Experience Platform 7.2.0-7.4.1 - Authenticated Incorrect Authorization via Child Site Membership
Feb 20, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-25148 MEDIUM
Liferay Portal/DXP <7.4.1-SP3, 7.2<FP15 - Privilege Escalation
Feb 08, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-25146 MEDIUM
Liferay Portal/DXP - Info Disclosure
Feb 08, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-25144 MEDIUM
Liferay Portal/DXP <7.4.3.26-7.2 - DoS
Feb 08, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-25145 CRITICAL
Liferay Portal <7.4.3.11 - Liferay DXP <7.2 - XSS
Feb 07, 2024
CVSS 9.6
EPSS 0.00
Products
liferay_portal 319 digital_experience_platform 264 dxp 39 liferay_enterprise_portal 9 DXP 2 Portal 2 portal 2 liferay 1 liferay_portal_enterprise 1
Quick Filters
Critical CVEs With Exploits In CISA KEV