Lucene search
+L

4 matches found

snyk
snyk
added 2025/09/19 9:31 p.m.5 views

Cross-site Request Forgery (CSRF)

Overview com.liferay.portal:portal-impl is a Portal Impl Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the orderUuid parameter in the server license registration process. An attacker can register a server license without authorization by tricking an...

5.1CVSS6.5AI score0.00169EPSS
Exploits0References2
vulnersosv
vulnersosv
added 2025/09/19 9:31 p.m.8 views

com.liferay.maven.plugins:liferay-maven-plugin (>=6.0.2 <=6.0.6), com.liferay.portal:util-taglib (>=6.0.2 <=6.0.6) +3 more potentially affected by CVE-2025-43809 via com.liferay.portal:portal-impl (>=6.0.2 <=6.0.6)

com.liferay.portal:portal-impl MAVEN version =6.0.2, =6.0.2, =6.0.2, =2.4, =1.0, =2.0, =2.5 Source cves: CVE-2025-43809 Source advisory: SNYK:JAVA-COMLIFERAYPORTAL-13003719...

5.1CVSS5.8AI score0.00169EPSS
Exploits0
vulnersosv
vulnersosv
added 2022/05/17 3:5 a.m.9 views

au.com.permeance:liferay-clojure-integration (=0.1), com.liferay.maven.plugins:liferay-maven-plugin (>=6.0.2 <=6.0.6) +6 more potentially affected by CVE-2010-5327 via com.liferay.portal:portal-impl (>=5.2.3 <=6.2.1)

com.liferay.portal:portal-impl MAVEN version =5.2.3, =6.0.2, =6.1.2, =5.2.3, =2.4, =1.0, =2.0, =2.5 Source cves: CVE-2010-5327 Source advisory: OSV:GHSA-97GM-MCV6-CPHM...

8.8CVSS7.2AI score0.02733EPSS
Exploits0
veracode
veracode
added 2017/08/08 5:20 p.m.21 views

Cross-site Scripting (XSS)

Liferay portal-impl is vulnerable to cross-site scripting XSS attacks. The library does not sanitize the portletID field when a portlet is deployed, allowing a malicious user to inject and execute arbitrary web script...

6.1CVSS6AI score0.00611EPSS
Exploits3References2Affected Software2
Rows per page
Query Builder