Lucene search
K

12 matches found

Cvelist
Cvelist
added 2024/02/21 2:0 a.m.25 views

CVE-2024-25152

Stored cross-site scripting XSS vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web...

9CVSS7.4AI score0.00558EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/21 1:45 a.m.14 views

CVE-2024-25602

Stored cross-site scripting XSS vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject...

9CVSS5.1AI score0.00619EPSS
Exploits0References1
NVD
NVD
added 2024/02/20 8:15 a.m.15 views

CVE-2024-25150

Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page...

4.3CVSS4.3AI score0.00439EPSS
Exploits0References1
OSV
OSV
added 2024/01/31 3:19 p.m.22 views

BIT-LIFERAY-2022-42131

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3...

4.8CVSS5.1AI score0.00243EPSS
Exploits0References3
OSV
OSV
added 2023/10/25 6:20 a.m.56 views

BIT-2023-42629

Stored cross-site scripting XSS vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Vocabulary's 'description' text field...

9CVSS5.4AI score0.02239EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/10/17 12:0 a.m.4 views

Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerabilities

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

9CVSS6AI score0.00462EPSS
Exploits0References2
NVD
NVD
added 2022/11/15 2:15 a.m.16 views

CVE-2022-42131

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3...

4.8CVSS0.00243EPSS
Exploits0References2
Prion
Prion
added 2022/11/15 12:15 a.m.21 views

Cross site scripting

A Cross-site scripting XSS vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML...

5.8CVSS6.1AI score0.00562EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2022/11/15 12:0 a.m.6 views

PT-2022-26264 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.5 through 7.4.2 Liferay DXP 7.3 before update 8 Description: Certain Liferay products are vulnerable to Cross Site Scripting XSS via the Commerce module. Recommendations: For Liferay Portal versions 7.3.5 through...

5.4CVSS5.5AI score0.00392EPSS
Exploits0References13
Cvelist
Cvelist
added 2022/11/15 12:0 a.m.25 views

CVE-2022-42119

Certain Liferay products are vulnerable to Cross Site Scripting XSS via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8...

5.5AI score0.00392EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/11/15 12:0 a.m.36 views

CVE-2022-42131

Certain Liferay products are affected by: Missing SSL Certificate Validation in the Dynamic Data Mapping module's REST data providers. This affects Liferay Portal 7.1.0 through 7.4.2 and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3...

5.4AI score0.00243EPSS
Exploits0References2
OSV
OSV
added 2022/11/15 12:0 a.m.23 views

CVE-2022-42119

Certain Liferay products are vulnerable to Cross Site Scripting XSS via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8...

5.4CVSS6AI score0.00392EPSS
Exploits0References4
Rows per page
Query Builder