Dxp@* Security Vulnerabilities and Issues — Dxp@* CVE List

Lucene search

LiferayDxp*

8 matches found

CVE•added 2024/02/20 10:15 p.m.•3225 views

CVE-2021-29050

Cross-Site Request Forgery (CSRF) vulnerability in the terms of use page in Liferay Portal before 7.3.6, and Liferay DXP 7.3 before service pack 1, 7.2 before fix pack 11 allows remote attackers to accept the site's terms of use via social engineering and enticing the user to visit a malicious page...

8.8CVSS7AI score0.00303EPSS

CVE•added 2021/05/16 4:15 p.m.•64 views

CVE-2021-29041

Denial-of-service (DoS) vulnerability in the Multi-Factor Authentication module in Liferay DXP 7.3 before fix pack 1 allows remote authenticated attackers to prevent any user from authenticating by (1) enabling Time-based One-time password (TOTP) on behalf of the other user or (2) modifying the oth...

6.5CVSS6.3AI score0.00521EPSS

CVE•added 2021/05/16 4:15 p.m.•55 views

CVE-2021-29047

The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.

7.5CVSS7.5AI score0.00212EPSS

CVE•added 2022/10/19 2:15 a.m.•53 views

CVE-2022-38901

A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file.

5.4CVSS5.4AI score0.00276EPSS

CVE•added 2021/08/03 7:15 p.m.•52 views

CVE-2021-33321

Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, and Liferay DXP before 7.3, allows remote attackers to enumerate user email address via the forgot password functionality. The portal.property login.secure.forgot.password should be defaulted to true.

7.5CVSS7.6AI score0.00313EPSS

CVE•added 2022/10/18 9:15 p.m.•47 views

CVE-2022-42117

A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML.

6.1CVSS6.1AI score0.00242EPSS

CVE•added 2022/10/18 9:15 p.m.•42 views

CVE-2022-42116

A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namesp...

6.1CVSS6AI score0.00178EPSS

CVE•added 2022/10/18 9:15 p.m.•41 views

CVE-2022-42114

A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.

5.4CVSS5.4AI score0.00185EPSS