Liferay Portal Security Vulnerabilities and Issues — Liferay Portal CVE List | Vulners.com

Lucene search

K

LiferayLiferay Portal

8 matches found

CVE•added 2017/01/13 7:59 p.m.•109 views

CVE-2010-5327

Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template.

8.8CVSS8.6AI score0.0151EPSS

CVE•added 2017/08/07 4:29 p.m.•57 views

CVE-2017-12647

XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title.

6.1CVSS5.9AI score0.00247EPSS

CVE•added 2017/08/07 4:29 p.m.•53 views

CVE-2017-12645

XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId.

6.1CVSS5.9AI score0.00244EPSS

CVE•added 2017/08/07 4:29 p.m.•53 views

CVE-2017-12648

XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL.

6.1CVSS5.9AI score0.00247EPSS

CVE•added 2017/08/07 4:29 p.m.•51 views

CVE-2017-12646

XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address.

6.1CVSS5.9AI score0.00247EPSS

CVE•added 2017/08/07 4:29 p.m.•51 views

CVE-2017-12649

XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display.

6.1CVSS5.8AI score0.00247EPSS

CVE•added 2017/12/27 5:8 p.m.•51 views

CVE-2017-17868

In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag.

6.1CVSS5.9AI score0.0024EPSS

CVE•added 2017/08/07 4:29 p.m.•46 views

CVE-2016-10404

XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.

6.1CVSS5.8AI score0.00247EPSS