Liferay
340 tracked vulnerabilities.
CVE-2024-25143
MEDIUM
Liferay Digital Experience Platform 7.2.0-7.3.6 - Authenticated Denial of Service via PNG Preview Generation
Feb 07, 2024
CVSS 6.5
EPSS 0.01
CVE-2023-37940
MEDIUM
Liferay Portal 7.0.0-7.4.3.87 & DXP 7.4 GA-87, 7.3 GA-29 - Stored XSS via Service Access Policy
Dec 17, 2024
CVSS 4.8
EPSS 0.00
CVE-2023-47795
CRITICAL
Liferay Portal 7.4.3.18-101 & DXP 2023.Q3-U92 Authenticated Stored XSS in Document Title
Feb 21, 2024
CVSS 9.0
EPSS 0.00
CVE-2023-42498
CRITICAL
Liferay Portal 7.4.3.8-7.4.3.97 & DXP 2023.Q3 < patch 5 - Reflected XSS via Language Override
Feb 21, 2024
CVSS 9.6
EPSS 0.00
CVE-2023-42496
CRITICAL
Liferay Portal 7.3.3-7.4.3.97 & DXP <2023.Q3.6/7.4.92/7.3.34 - XSS via RolesAdminPortlet tabs2
Feb 21, 2024
CVSS 9.6
EPSS 0.00
CVE-2023-40191
CRITICAL
Liferay Portal 7.4.3.44-7.4.3.97 and DXP 2023.Q3 - Reflected Cross-Site Scripting via Blocked Email Domains Text Field
Feb 21, 2024
CVSS 9.0
EPSS 0.00
CVE-2023-44308
MEDIUM
Liferay Digital Experience Platform - Open Redirect via Adaptive Media Administration Page
Feb 20, 2024
CVSS 6.1
EPSS 0.00
CVE-2023-5190
MEDIUM
Liferay DXP 7.4.3.45-7.4.3.101 & 2023.Q3 Open Redirect via Countries Management
Feb 20, 2024
CVSS 6.1
EPSS 0.00
CVE-2023-47798
MEDIUM
Liferay Portal/DXP <7.3.0 - Privilege Escalation
Feb 08, 2024
CVSS 5.4
EPSS 0.00
CVE-2023-47797
CRITICAL
Liferay Portal 7.4.3.94-7.4.3.95 - Reflected Cross-Site Scripting via p_l_back_url_title Parameter
Nov 17, 2023
CVSS 9.6
EPSS 0.00
CVE-2023-42627
CRITICAL
Liferay DXP 7.3.5-7.4.3.91 & DXP 7.3.33/7.4.92 - Stored XSS in Commerce Module
Oct 17, 2023
CVSS 9.6
EPSS 0.00
CVE-2023-42628
CRITICAL
Liferay DXP 7.0-7.4.3.87 Stored XSS in Wiki Widget Content Field
Oct 17, 2023
CVSS 9.0
EPSS 0.00
CVE-2023-44311
CRITICAL
Liferay Portal 7.4.3.41-89 & DXP 7.4 U41-89 - XSS via OAuth2 Redirect Parameters
Oct 17, 2023
CVSS 9.6
EPSS 0.00
CVE-2023-44310
CRITICAL
Liferay DXP 7.3.6-7.4.3.78 & 7.3 FP1-23 & 7.4 < U79 - Stored XSS in Page Tree Menu
Oct 17, 2023
CVSS 9.0
EPSS 0.00
CVE-2023-44309
CRITICAL
Liferay Portal 7.4.2-7.4.3.53 and DXP 7.4.0-7.4.13.u54 - Stored Cross-Site Scripting in Fragment Components
Oct 17, 2023
CVSS 9.0
EPSS 0.00
CVE-2023-42629
CRITICAL
Liferay DXP 7.4.2-7.4.3.87 < update 88 - Stored XSS in Vocabulary Description
Oct 17, 2023
CVSS 9.0
EPSS 0.00
CVE-2023-42497
CRITICAL
Liferay DXP 7.4.3.4-7.4.3.85 <7.4.86 - XSS via Translation Portlet Redirect
Oct 17, 2023
CVSS 9.6
EPSS 0.00
CVE-2023-3426
MEDIUM
Liferay Portal 7.4.3.81-7.4.3.85 and DXP 7.4 update 81-85 - Authenticated Missing Authorization in Organization Selector
Aug 02, 2023
CVSS 4.3
EPSS 0.00
CVE-2023-35030
HIGH
Liferay DXP 7.4.3.70-7.4.3.76 - Cross-Site Request Forgery via SEO Configuration BackURL Parameter
Jun 15, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-3193
MEDIUM
Liferay Portal/DXP 7.4.3.70-7.4.3.73 - XSS
Jun 15, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-35029
MEDIUM
Liferay DXP 7.4 update 70-76 / Portal 7.4.3.70-76 Open Redirect via SEO BackURL
Jun 15, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-33950
MEDIUM
Liferay Portal/DXP 7.4.3.48-7.4.3.76 - DoS
May 24, 2023
CVSS 6.5
EPSS 0.01
CVE-2023-33949
MEDIUM
Liferay Portal <7.3.0 & Liferay DXP <7.2 - Info Disclosure
May 24, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-33948
MEDIUM
Liferay Portal/DXP 7.4.3.67 - Info Disclosure
May 24, 2023
CVSS 5.3
EPSS 0.00
CVE-2023-33947
LOW
Liferay Portal/DXP <7.4.3.60 - Info Disclosure
May 24, 2023
CVSS 2.7
EPSS 0.00