Dxp@7.4 Security Vulnerabilities and Issues — Dxp@7.4 CVE List

Lucene search

LiferayDxp7.4

11 matches found

CVE•added 2022/09/22 1:15 a.m.•69 views

CVE-2022-28980

Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.

6.1CVSS6.1AI score0.00114EPSS

CVE•added 2022/09/22 12:15 a.m.•68 views

CVE-2022-39975

The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation.

4.3CVSS4.4AI score0.00201EPSS

CVE•added 2022/11/15 1:15 a.m.•61 views

CVE-2022-42120

A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' namespace attribute.

9.8CVSS9.9AI score0.00234EPSS

CVE•added 2022/11/15 1:15 a.m.•56 views

CVE-2022-42121

A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected in...

8.8CVSS8.8AI score0.00366EPSS

CVE•added 2022/10/19 2:15 a.m.•53 views

CVE-2022-38901

A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file.

5.4CVSS5.4AI score0.00276EPSS

CVE•added 2022/09/22 1:15 a.m.•49 views

CVE-2022-38512

The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page's XLIFF translation file via crafted URL.

6.5CVSS6.4AI score0.00179EPSS

CVE•added 2022/10/18 9:15 p.m.•48 views

CVE-2022-42112

A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted paylo...

5.4CVSS5.3AI score0.002EPSS

CVE•added 2022/10/18 9:15 p.m.•47 views

CVE-2022-42117

A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML.

6.1CVSS6.1AI score0.00242EPSS

CVE•added 2022/10/18 9:15 p.m.•44 views

CVE-2022-42113

A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.

6.1CVSS6AI score0.00178EPSS

CVE•added 2022/10/18 9:15 p.m.•42 views

CVE-2022-42116

A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namesp...

6.1CVSS6AI score0.00178EPSS

CVE•added 2022/10/18 9:15 p.m.•41 views

CVE-2022-42114

A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.

5.4CVSS5.4AI score0.00185EPSS