Dxp@7.4 Security Vulnerabilities and Issues — Dxp@7.4 CVE List

Lucene search

LiferayDxp7.4

16 matches found

CVE•added 2022/09/22 1:15 a.m.•69 views

CVE-2022-28980

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.

6.1CVSS6.1AI score0.00114EPSS

CVE•added 2022/09/22 12:15 a.m.•68 views

CVE-2022-39975

The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation.

4.3CVSS4.4AI score0.00201EPSS

CVE•added 2024/02/07 3:15 p.m.•65 views

CVE-2024-25145

Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote au...

9.6CVSS5AI score0.00152EPSS

CVE•added 2022/11/15 1:15 a.m.•61 views

CVE-2022-42120

A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' namespace attribute.

9.8CVSS9.9AI score0.00234EPSS

CVE•added 2022/11/15 1:15 a.m.•56 views

CVE-2022-42121

A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected in...

8.8CVSS8.8AI score0.00366EPSS

CVE•added 2022/10/19 2:15 a.m.•53 views

CVE-2022-38901

A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file.

5.4CVSS5.4AI score0.00276EPSS

CVE•added 2022/09/22 1:15 a.m.•49 views

CVE-2022-38512

The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL.

6.5CVSS6.4AI score0.00179EPSS

CVE•added 2024/02/08 4:15 a.m.•49 views

CVE-2024-25144

The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a deni...

6.5CVSS6.1AI score0.00318EPSS

CVE•added 2022/10/18 9:15 p.m.•48 views

CVE-2022-42112

A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted paylo...

5.4CVSS5.3AI score0.002EPSS

CVE•added 2023/06/15 4:15 a.m.•48 views

CVE-2023-35029

Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to arbitrary external URLs via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL par...

6.1CVSS6.3AI score0.00231EPSS

CVE•added 2022/10/18 9:15 p.m.•47 views

CVE-2022-42117

A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML.

6.1CVSS6.1AI score0.00242EPSS

CVE•added 2022/10/18 9:15 p.m.•44 views

CVE-2022-42113

A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.

6.1CVSS6AI score0.00178EPSS

CVE•added 2022/10/18 9:15 p.m.•42 views

CVE-2022-42116

A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namesp...

6.1CVSS6AI score0.00178EPSS

CVE•added 2022/10/18 9:15 p.m.•41 views

CVE-2022-42114

A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.

5.4CVSS5.4AI score0.00185EPSS

CVE•added 2023/06/15 4:15 a.m.•41 views

CVE-2023-3193

Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_back...

6.1CVSS6AI score0.00136EPSS

CVE•added 2023/06/15 5:15 a.m.•35 views

CVE-2023-35030

Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to execute arbitrary code in the scripting console via the _com_liferay_layout_admin_web_portlet_Gro...

8.8CVSS8.8AI score0.00572EPSS