Lucene search
K

15 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-22930

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00481EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.5 views

PT-2025-40047

Cross-site scripting XSS vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted...

4.8CVSS5.8AI score0.00197EPSS
Exploits0References6
CVE
CVE
added 2025/09/29 10:9 p.m.12 views

CVE-2025-43812

Summary: CVE-2025-43812 is a cross-site scripting (XSS) vulnerability in Liferay Portal/DXP web content templates. The issue stems from improper validation in the Name field of a web content structure, allowing remote authenticated users to inject arbitrary HTML/JS. Affected products and versions...

5.4CVSS5.4AI score0.00197EPSS
Exploits0References1Affected Software2
CNNVD
CNNVD
added 2025/09/29 12:0 a.m.3 views

Liferay Portal和Liferay DXP 跨站脚本漏洞

Liferay Portal and Liferay DXP are both products of Liferay, Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

5.4CVSS5.8AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:0 a.m.11 views

CVE-2024-25605

The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attacke...

5.3CVSS7AI score0.00481EPSS
Exploits0References1
Snyk
Snyk
added 2024/02/20 9:30 a.m.1 views

Incorrect Default Permissions

Overview com.liferay:com.liferay.journal.web is a Liferay Journal Web Affected versions of this package are vulnerable to Incorrect Default Permissions due to the default assignment of view permissions to guest users for web content templates via the UI or API. Remediation Upgrade...

6.9CVSS6.9AI score0.00481EPSS
Exploits0References2
OSV
OSV
added 2024/02/20 9:30 a.m.2 views

GHSA-MF8H-GRFG-J9J3 Liferay Portal and Liferay DXP Allows Templates to be Viewed via the UI or API

The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attacke...

5.3CVSS7.2AI score0.00481EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/02/20 9:30 a.m.5 views

Liferay Portal and Liferay DXP Allows Templates to be Viewed via the UI or API

The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attacke...

5.3CVSS5.1AI score0.00481EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2024/02/20 9:15 a.m.19 views

CVE-2024-25605

The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attacke...

5.3CVSS5.3AI score0.00481EPSS
Exploits0References1
OSV
OSV
added 2024/02/20 9:15 a.m.3 views

CVE-2024-25605

The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attacke...

5.3CVSS5.8AI score0.00481EPSS
Exploits0References1
Prion
Prion
added 2024/02/20 9:15 a.m.26 views

Code injection

The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attacke...

5CVSS7.2AI score0.00481EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/20 8:51 a.m.12 views

CVE-2024-25605

The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attacke...

5.3CVSS7.2AI score0.00481EPSS
Exploits0References1
CVE
CVE
added 2024/02/20 8:51 a.m.107 views

CVE-2024-25605

The CVE-2024-25605 issue affects Liferay Portal/DXP: The Journal module (versions 7.2.0–7.4.3.4; DXP 7.4.13; 7.3 before SP3; 7.2 before FP17) grants guest users view permission to web content templates by default, enabling viewing of templates via UI or API. Root cause is Incorrect/Default Permis...

5.3CVSS5.2AI score0.00481EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.5 views

PT-2024-21034 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.3.4 Liferay DXP versions 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17 Description: The Journal module in Liferay Portal grants guest users view permission to web content templates by...

5.3CVSS7.3AI score0.00481EPSS
Exploits0References10
CNNVD
CNNVD
added 2024/02/20 12:0 a.m.5 views

Liferay Portal and Liferay DXP Security Vulnerabilities

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

5.3CVSS6.8AI score0.00481EPSS
Exploits0References2
Rows per page
Query Builder