Liferay Portal@7.3.3 Security Vulnerabilities and Issues — Liferay Portal@7.3.3 CVE List

Lucene search

LiferayLiferay Portal7.3.3

7 matches found

CVE•added 2022/04/19 1:15 p.m.•73 views

CVE-2022-26593

Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of a asset category.

5.4CVSS5.3AI score0.00167EPSS

CVE•added 2022/11/15 1:15 a.m.•72 views

CVE-2022-42123

A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin.

7.5CVSS7.4AI score0.00218EPSS

CVE•added 2022/09/22 12:15 a.m.•69 views

CVE-2022-39975

The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublished "Content Page" pages via URL manipulation.

4.3CVSS4.4AI score0.00241EPSS

CVE•added 2022/11/15 1:15 a.m.•64 views

CVE-2022-42120

A SQL injection vulnerability in the Fragment module in Liferay Portal 7.3.3 through 7.4.3.16, and Liferay DXP 7.3 before update 4, and 7.4 before update 17 allows attackers to execute arbitrary SQL commands via a PortletPreferences' namespace attribute.

9.8CVSS9.9AI score0.00296EPSS

CVE•added 2022/04/25 4:16 p.m.•61 views

CVE-2022-26596

Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via we...

6.1CVSS6AI score0.0023EPSS

CVE•added 2024/02/21 3:15 a.m.•61 views

CVE-2023-42496

Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the _com_lif...

9.6CVSS7.5AI score0.00377EPSS

CVE•added 2022/09/22 12:15 a.m.•54 views

CVE-2022-28982

A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name of a tag.

6.1CVSS5.9AI score0.00399EPSS