4 matches found
Cross-site Request Forgery (CSRF)
Overview com.liferay.portal:portal-impl is a Portal Impl Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the orderUuid parameter in the server license registration process. An attacker can register a server license without authorization by tricking an...
com.liferay.maven.plugins:liferay-maven-plugin (>=6.0.2 <=6.0.6), com.liferay.portal:util-taglib (>=6.0.2 <=6.0.6) +3 more potentially affected by CVE-2025-43809 via com.liferay.portal:portal-impl (>=6.0.2 <=6.0.6)
com.liferay.portal:portal-impl MAVEN version =6.0.2, =6.0.2, =6.0.2, =2.4, =1.0, =2.0, =2.5 Source cves: CVE-2025-43809 Source advisory: SNYK:JAVA-COMLIFERAYPORTAL-13003719...
au.com.permeance:liferay-clojure-integration (=0.1), com.liferay.maven.plugins:liferay-maven-plugin (>=6.0.2 <=6.0.6) +6 more potentially affected by CVE-2010-5327 via com.liferay.portal:portal-impl (>=5.2.3 <=6.2.1)
com.liferay.portal:portal-impl MAVEN version =5.2.3, =6.0.2, =6.1.2, =5.2.3, =2.4, =1.0, =2.0, =2.5 Source cves: CVE-2010-5327 Source advisory: OSV:GHSA-97GM-MCV6-CPHM...
Cross-site Scripting (XSS)
Liferay portal-impl is vulnerable to cross-site scripting XSS attacks. The library does not sanitize the portletID field when a portlet is deployed, allowing a malicious user to inject and execute arbitrary web script...