
36 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-15687

Malware in sbrugna...

CVSS 6.5 | AI score 6.4 | EPSS 0.01148
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2022-45205

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 5.6 | EPSS 0.00505
Exploits: 0 | References: 6

NVD
added 2024/02/21 2:15 a.m. | 14 views

CVE-2024-25602

Stored cross-site scripting XSS vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject...

CVSS 9 | AI score 7.3 | EPSS 0.00614
Exploits: 0 | References: 1

Cvelist
added 2024/02/21 2:0 a.m. | 21 views

CVE-2024-25152

Stored cross-site scripting XSS vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web...

CVSS 9 | AI score 7.4 | EPSS 0.00558
Exploits: 0 | References: 1

Vulnrichment
added 2024/02/21 1:45 a.m. | 13 views

CVE-2024-25602

Stored cross-site scripting XSS vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject...

CVSS 9 | AI score 5.1 | EPSS 0.00614
Exploits: 0 | References: 1

NVD
added 2024/02/20 10:15 a.m. | 21 views

CVE-2024-25607

The default password hashing algorithm PBKDF2-HMAC-SHA1 in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers...

CVSS 8.1 | AI score 8.1 | EPSS 0.00324
Exploits: 0 | References: 1

NVD
added 2024/02/20 8:15 a.m. | 13 views

CVE-2024-25150

Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page...

CVSS 4.3 | AI score 4.3 | EPSS 0.00439
Exploits: 0 | References: 1

Prion
added 2024/02/08 4:15 a.m. | 15 views

Design/Logic Flaw

Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the...

CVSS 5 | AI score 7.1 | EPSS 0.00593
Exploits: 0 | References: 1 | Affected Software: 2

OSV
added 2024/01/31 3:21 p.m. | 17 views

BIT-LIFERAY-2022-26593

Cross-site scripting XSS vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of a asset category...

CVSS 5.4 | AI score 5.4 | EPSS 0.00546
Exploits: 0 | References: 2

OSV
added 2024/01/31 3:19 p.m. | 20 views

BIT-LIFERAY-2022-42131

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3...

CVSS 4.8 | AI score 5.1 | EPSS 0.00338
Exploits: 0 | References: 3

Cvelist
added 2023/05/24 1:20 p.m. | 34 views

CVE-2023-33938

Cross-site scripting XSS vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object...

CVSS 4.8 | AI score 6.1 | EPSS 0.00522
Exploits: 0 | References: 1

Positive Technologies
added 2023/05/24 12:0 a.m. | 2 views

PT-2023-24587 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.1 through 7.4.3.17 Liferay DXP versions 7.3 before update 6 Liferay DXP versions 7.4 before update 18 Description: The issue allows attackers to execute arbitrary SQL commands via the name of a database table's...

CVSS 8.1 | AI score 8.4 | EPSS 0.00549
Exploits: 0 | References: 9

NVD
added 2022/11/15 2:15 a.m. | 16 views

CVE-2022-42131

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3...

CVSS 4.8 | EPSS 0.00338
Exploits: 0 | References: 3

OSV
added 2022/11/15 1:15 a.m. | 27 views

CVE-2022-42122

A SQL injection vulnerability in the Friendly Url module in Liferay Portal 7.3.7, and Liferay DXP 7.3 fix pack 2 through update 4 allows attackers to execute arbitrary SQL commands via a crafted payload injected into the title field of a friendly URL...

CVSS 9.8 | AI score 8.5 | EPSS 0.00806
Exploits: 0 | References: 3

OSV
added 2022/11/15 1:15 a.m. | 22 views

CVE-2022-42119

Certain Liferay products are vulnerable to Cross Site Scripting XSS via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8...

CVSS 5.4 | AI score 6 | EPSS 0.00505
Exploits: 0 | References: 3

OSV
added 2022/11/15 12:15 a.m. | 21 views

CVE-2022-42110

A Cross-site scripting XSS vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML...

CVSS 6.1 | AI score 6 | EPSS 0.00562
Exploits: 0 | References: 2

Prion
added 2022/11/15 12:15 a.m. | 20 views

Cross site scripting

A Cross-site scripting XSS vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML...

CVSS 5.8 | AI score 6.1 | EPSS 0.00562
Exploits: 0 | References: 2 | Affected Software: 2

Cvelist
added 2022/11/15 12:0 a.m. | 24 views

CVE-2022-42131

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3...

AI score 5.4 | EPSS 0.00338
Exploits: 0 | References: 3

CVE
added 2022/11/15 12:0 a.m. | 62 views

CVE-2022-42122

CVE-2022-42122 affects Liferay Portal 7.3.7 and Liferay DXP 7.3 fix pack 2 through update 4, via the Friendly Url module. The vulnerability is an SQL injection in the title field of a friendly URL, allowing arbitrary SQL execution. The CVSS 3.1 base score is 9.8 (CRITICAL) with NETWORK attack vec...

CVSS 9.8 | AI score 9.8 | EPSS 0.00806
Exploits: 0 | References: 3 | Affected Software: 2

Cvelist
added 2022/11/15 12:0 a.m. | 22 views

CVE-2022-42119

Certain Liferay products are vulnerable to Cross Site Scripting XSS via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8...

AI score 5.5 | EPSS 0.00505
Exploits: 0 | References: 3