Liferay
340 tracked vulnerabilities.
CVE-2023-33946
LOW
Liferay Portal/DXP <7.4.3.49 - Info Disclosure
May 24, 2023
CVSS 2.7
EPSS 0.00
CVE-2023-33945
MEDIUM
Liferay Portal/DXP <7.4.3.17/7.4 - SQL Injection
May 24, 2023
CVSS 6.4
EPSS 0.00
CVE-2023-33944
MEDIUM
Liferay Portal/DXP <7.4.3.68 - Liferay DXP <7.4 - XSS
May 24, 2023
CVSS 4.8
EPSS 0.00
CVE-2023-33943
MEDIUM
Liferay Portal/DXP 7.4.3.21-7.4.3.62 - XSS
May 24, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-33942
MEDIUM
Liferay Portal 7.4.3.50 and DXP 7.4 Update 50 - Stored Cross-Site Scripting via Web Content Article Title Field
May 24, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-33941
MEDIUM
Liferay Portal/DXP 7.4.3.41-7.4.3.52 - XSS
May 24, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-33940
MEDIUM
Liferay DXP 7.4.0-7.4.3.30 < 7.4.31 - Cross-Site Scripting via Remote App IFrame URL
May 24, 2023
CVSS 4.8
EPSS 0.00
CVE-2023-33939
MEDIUM
Liferay Portal/DXP <7.4.3.12-7.1 - XSS
May 24, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-33938
MEDIUM
Liferay Portal 7.3.0-7.4.0 & DXP 7.3 < U14 - Stored XSS via App Builder Custom Object
May 24, 2023
CVSS 4.8
EPSS 0.00
CVE-2023-33937
MEDIUM
Liferay Portal/DXP <7.3.0-7.2 - XSS
May 24, 2023
CVSS 5.4
EPSS 0.00
CVE-2022-45320
MEDIUM
Liferay DXP <7.2 & Portal <7.4.3.16 - Authenticated Access Control Bypass via Wiki Ownership
Feb 20, 2024
CVSS 6.3
EPSS 0.00
CVE-2022-42132
MEDIUM
Liferay Portal 7.0.0-7.4.3.4 & DXP 7.0-7.4 GA - Sensitive Information Exposure via LDAP Pagination
Nov 15, 2022
CVSS 5.9
EPSS 0.00
CVE-2022-42131
MEDIUM
Liferay Digital Experience Platform - Missing SSL Certificate Validation in Dynamic Data Mapping REST Data Providers
Nov 15, 2022
CVSS 4.8
EPSS 0.00
CVE-2022-42130
MEDIUM
Liferay DXP 7.1.0-7.4.3.4 - Authenticated Incorrect Default Permissions in Dynamic Data Mapping
Nov 15, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-42129
MEDIUM
Liferay Portal 7.3.2-7.4.3.4 & DXP 7.3-7.4 GA - IDOR via Dynamic Data Mapping Form Instance Record ID
Nov 15, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-42128
MEDIUM
Liferay Portal 7.4.1-7.4.3.4 and Liferay DXP 7.4 GA - Incorrect Default Permissions in Hypermedia REST APIs
Nov 15, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-42127
MEDIUM
Liferay Portal 7.4.3.5-7.4.3.36 and DXP 7.4 update 1-36 - Unauthenticated Information Disclosure via Friendly URL Module
Nov 15, 2022
CVSS 5.3
EPSS 0.00
CVE-2022-42126
MEDIUM
Liferay Portal 7.3.5-7.4.3.28 and DXP 7.3-7.4 - Authenticated Improper Access Control in Asset Libraries
Nov 15, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-42125
HIGH
Liferay Portal 7.4.3.5-7.4.3.35 & DXP 7.4 U1-34 - Path Traversal & Arbitrary File Write
Nov 15, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-42124
HIGH
Liferay Portal 7.3.2-7.4.3.4 & DXP 7.2 FP9-18, 7.3 < U4, 7.4 GA - ReDoS in LayoutPageTemplateEntryUpgradeProcess
Nov 15, 2022
CVSS 7.5
EPSS 0.01
CVE-2022-42123
HIGH
Liferay Portal 7.3.3-7.4.3.18 and DXP 7.3-7.4 - Path Traversal via Elasticsearch Sidecar Plugin Installation
Nov 15, 2022
CVSS 7.5
EPSS 0.00
CVE-2022-42122
CRITICAL
Liferay DXP 7.3.7 and 7.3.10.fp2-7.3.10.u3 - SQL Injection via Friendly URL Title Field
Nov 15, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-42121
HIGH
Liferay Portal 7.1.3-7.4.3.4 and DXP - Authenticated SQL Injection via Page Template Name Field
Nov 15, 2022
CVSS 8.8
EPSS 0.01
CVE-2022-42120
CRITICAL
Liferay DXP 7.3.3-7.4.3.16 - SQL Injection via PortletPreferences Namespace Attribute
Nov 15, 2022
CVSS 9.8
EPSS 0.01
CVE-2022-42119
MEDIUM
Liferay Portal 7.3.5-7.4.2 and DXP < 7.3.10.u8 - Cross-Site Scripting via Commerce Module
Nov 15, 2022
CVSS 5.4
EPSS 0.01