Dxp Security Vulnerabilities and Issues — Dxp CVE List

Lucene search

LiferayDxp

9 matches found

CVE•added 2021/05/17 11:15 a.m.•82 views

CVE-2021-29043

The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 does not obfuscate the S3 store's proxy password, which allows attackers to steal the proxy password via man-in-the-middle ...

5.9CVSS5.8AI score0.00204EPSS

CVE•added 2022/10/19 2:15 a.m.•53 views

CVE-2022-38901

A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file.

5.4CVSS5.4AI score0.00276EPSS

CVE•added 2022/09/22 12:15 a.m.•52 views

CVE-2022-28978

Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject ar...

5.4CVSS5.3AI score0.00166EPSS

CVE•added 2022/10/13 1:15 p.m.•49 views

CVE-2022-38902

A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic.

5.4CVSS5.4AI score0.00097EPSS

CVE•added 2024/02/08 4:15 a.m.•49 views

CVE-2024-25146

Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the sit...

5.3CVSS5.2AI score0.00332EPSS

CVE•added 2022/10/18 9:15 p.m.•48 views

CVE-2022-42112

A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted paylo...

5.4CVSS5.3AI score0.002EPSS

CVE•added 2022/11/15 1:15 a.m.•43 views

CVE-2022-42119

Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8.

5.4CVSS5.3AI score0.00408EPSS

CVE•added 2022/11/15 1:15 a.m.•41 views

CVE-2022-42111

A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload.

5.4CVSS5.3AI score0.00112EPSS

CVE•added 2022/10/18 9:15 p.m.•41 views

CVE-2022-42114

A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.

5.4CVSS5.4AI score0.00185EPSS