CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

115 matches found

RedhatCVE•added 2026/01/09 11:28 a.m.•4 views

CVE-2021-33323

The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, autosaves form values for unauthenticated users, which allows remote attackers to view the autosaved values by viewing the form as an unauthenticated user...

7.5CVSS7.1AI score0.00417EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 11:28 a.m.•5 views

CVE-2021-33334

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 6, does not properly check user permissions, which allows remote attackers with the forms "Access in Site Administration" permission to vi...

4.3CVSS6.7AI score0.00081EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:51 a.m.•4 views

CVE-2022-42131

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3...

4.8CVSS6.8AI score0.0013EPSS

Exploits0References1

Snyk•added 2025/10/31 9:31 p.m.•1 views

Cross-site Scripting (XSS)

Overview com.liferay:com.liferay.dynamic.data.mapping.item.selector.web is a Liferay Dynamic Data Mapping Item Selector Web Affected versions of this package are vulnerable to Cross-site Scripting XSS via the select structure page when processing user input in the First Name, Middle Name, or Last...

6.1CVSS5.5AI score0.0003EPSS

Exploits0References2

Veracode•added 2025/10/28 4:27 a.m.•2 views

Cross-site Scripting (XSS)

com.liferay, com.liferay.dynamic.data.mapping.form.field.type is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper validation of user-supplied input in rich text type fields within objects, which allows an attacker to inject and execute arbitrary web scripts or HTML...

6.1CVSS6.8AI score0.00044EPSS

Exploits0References3Affected Software2

Snyk•added 2025/10/22 9:31 p.m.•1 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the definition parameter of the Dynamic Data Mapping portlet. An authenticated attacker can execute arbitrary JavaScript code in the context of a user's browser by crafting a malicious request and tricking a...

4.8CVSS5.2AI score0.00028EPSS

Exploits0References2

NVD•added 2025/10/22 7:15 p.m.•2 views

CVE-2025-62248

A reflected cross-site scripting XSS vulnerability, resulting from a regression, has been identified in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through...

4.8CVSS0.00028EPSS

Exploits0References1

Vulnrichment•added 2025/10/22 7:7 p.m.•2 views

CVE-2025-62248

4.8CVSS5.7AI score0.00028EPSS

Exploits0References1

CVE•added 2025/10/22 7:7 p.m.•4 views

CVE-2025-62248

A reflected cross-site scripting (XSS) vulnerability (CVE-2025-62248) affecting Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP 2025.Q1.0–Q2.9, 2024.Q1.1–Q4.7, 2024.Q3.1–Q3.13, 2024.Q2.1–Q2.13. Regression allows a remote, authenticated attacker to inject and execute JavaScript via the _com_liferay...

4.8CVSS5.7AI score0.00028EPSS

Exploits0References1Affected Software2

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2021-20042

Malware in sbrugna...

4.3CVSS4.7AI score0.00081EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-20032

Malware in sbrugna...

7.5CVSS7.5AI score0.00417EPSS

Exploits0References5

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-24726

Malware in sbrugna...

6.5CVSS6.4AI score0.00119EPSS

Exploits0References8

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-25220