Liferay Portal@7.4.2 Security Vulnerabilities and Issues — Liferay Portal@7.4.2 CVE List

Lucene search

LiferayLiferay Portal7.4.2

9 matches found

CVE•added 2022/09/22 1:15 a.m.•491 views

CVE-2022-28981

Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the parameter parameter.

7.5CVSS7.5AI score0.00262EPSS

CVE•added 2022/10/07 6:15 p.m.•77 views

CVE-2022-41414

An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages.

5.3CVSS5.2AI score0.00099EPSS

CVE•added 2022/11/15 12:15 a.m.•63 views

CVE-2022-42110

A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML.

6.1CVSS6.1AI score0.00198EPSS

CVE•added 2022/11/15 1:15 a.m.•59 views

CVE-2022-42121

A SQL injection vulnerability in the Layout module in Liferay Portal 7.1.3 through 7.4.3.4, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before service pack 3, and 7.4 GA allows remote authenticated attackers to execute arbitrary SQL commands via a crafted payload injected in...

8.8CVSS8.8AI score0.00462EPSS

CVE•added 2023/10/17 9:15 a.m.•56 views

CVE-2023-42629

Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Vocabulary's 'description' text field.

9CVSS5.2AI score0.00159EPSS

CVE•added 2023/10/17 9:15 a.m.•53 views

CVE-2023-44309

Multiple stored cross-site scripting (XSS) vulnerabilities in the fragment components in Liferay Portal 7.4.2 through 7.4.3.53, and Liferay DXP 7.4 before update 54 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into any non-HTML field of a linked sourc...

9CVSS5.3AI score0.00152EPSS

CVE•added 2022/11/15 1:15 a.m.•51 views

CVE-2022-42118

A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the tag parameter.

6.1CVSS6AI score0.42409EPSS

CVE•added 2022/11/15 1:15 a.m.•45 views

CVE-2022-42119

Certain Liferay products are vulnerable to Cross Site Scripting (XSS) via the Commerce module. This affects Liferay Portal 7.3.5 through 7.4.2 and Liferay DXP 7.3 before update 8.

5.4CVSS5.3AI score0.00515EPSS

CVE•added 2022/11/15 1:15 a.m.•43 views

CVE-2022-42111

A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload.

5.4CVSS5.3AI score0.00141EPSS