Liferay Portal@7.3.6 Security Vulnerabilities and Issues — Liferay Portal@7.3.6 CVE List

Lucene search

LiferayLiferay Portal7.3.6

4 matches found

CVE•added 2022/03/03 12:15 a.m.•86 views

CVE-2021-38269

Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the output of a Gogo Shell ...

5.4CVSS5.3AI score0.00178EPSS

CVE•added 2022/03/03 12:15 a.m.•81 views

CVE-2021-38267

Cross-site scripting (XSS) vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 through 7.3.6, and Liferay DXP 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_blogs_web_portlet_BlogsAdminPortlet_title and _com_lif...

5.4CVSS5.3AI score0.00178EPSS

CVE•added 2022/03/03 12:15 a.m.•79 views

CVE-2021-38265

Cross-site scripting (XSS) vulnerability in the Asset module in Liferay Portal 7.3.4 through 7.3.6 allow remote attackers to inject arbitrary web script or HTML when creating a collection page via the _com_liferay_asset_list_web_portlet_AssetListPortlet_title parameter.

5.4CVSS5.3AI score0.00178EPSS

CVE•added 2023/10/17 10:15 a.m.•42 views

CVE-2023-44310

Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's "Name" text f...

9CVSS5.2AI score0.00152EPSS