Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 11:28 a.m.6 views

CVE-2021-33332

Cross-site scripting XSS vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the...

6.1CVSS5.9AI score0.00845EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2014-3430

Malware in sbrugna...

6.5CVSS6.4AI score0.01066EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2022/10/07 6:15 p.m.6 views

com.liferay:com.liferay.css.builder (>=1.0.8 <=1.0.14), com.liferay:com.liferay.deployment.helper (>=1.0.0 <=1.0.2) +8 more potentially affected by CVE-2022-41414 via com.liferay.portal:portal-impl (=7.0.0-nightly)

com.liferay.portal:portal-impl MAVEN version =7.0.0-nightly is affected by a known vulnerability. The following packages have a transitive dependency on com.liferay.portal:portal-impl and may be impacted: - com.liferay:com.liferay.css.builder =1.0.8, =1.0.0, =1.0.6, =1.0.3, =1.0.3, =1.0.47,...

5.3CVSS6AI score0.00427EPSS
Exploits0
NVD
NVD
added 2021/08/03 9:15 p.m.26 views

CVE-2021-33332

Cross-site scripting XSS vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the...

6.1CVSS0.00845EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/08/03 8:58 p.m.30 views

CVE-2021-33332

Cross-site scripting XSS vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the...

6.2AI score0.00845EPSS
Exploits0References2
OSV
OSV
added 2021/08/03 7:15 p.m.21 views

CVE-2021-33327

The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibilit...

4.3CVSS6.5AI score
Exploits0References2
NVD
NVD
added 2021/08/03 7:15 p.m.17 views

CVE-2021-33327

The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibilit...

4.3CVSS0.00861EPSS
Exploits0References2
Prion
Prion
added 2021/08/03 7:15 p.m.17 views

Design/Logic Flaw

The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibilit...

4CVSS4.4AI score0.00861EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2021/08/03 6:46 p.m.28 views

CVE-2021-33327

The Portlet Configuration module in Liferay Portal 7.2.0 through 7.3.3, and Liferay DXP 7.0 fix pack pack 93 and 94, 7.1 fix pack 18, and 7.2 before fix pack 8, does not properly check user permission, which allows remote authenticated users to view the Guest and User role even if "Role Visibilit...

4.7AI score0.00861EPSS
Exploits0References2
CVE
CVE
added 2014/05/29 2:0 p.m.45 views

CVE-2014-3417

CVE-2014-3417 affects uPortal before 4.0.13.1. The issue is an improper check of the CONFIG permission, allowing remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet. The description implies a fix in 4.0.13.1; no exploitation details or in-the-wild...

6.5CVSS6.4AI score0.01066EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder