Liferay Portal Security Vulnerabilities and Issues — Liferay Portal CVE List

Lucene search

LiferayLiferay Portal

4 matches found

CVE•added 2019/10/04 2:15 p.m.•235 views

CVE-2019-16891

Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.

9.8CVSS9.4AI score0.84811EPSS

CVE•added 2019/09/09 9:15 p.m.•175 views

CVE-2019-16147

Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib.

6.1CVSS5.8AI score0.0024EPSS

Web

CVE•added 2019/06/03 8:29 p.m.•128 views

CVE-2019-6588

In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call or . Liferay Portal out-of-the-box behavior with no customizations is not vulnerable.

4.7CVSS4.6AI score0.00691EPSS

CVE•added 2019/04/22 11:29 a.m.•83 views

CVE-2019-11444

An issue was discovered in Liferay Portal CE 7.1.2 GA3. An attacker can use Liferay's Groovy script console to execute OS commands. Commands can be executed via a [command].execute() call, as demonstrated by "def cmd =" in the ServerAdminPortlet_script value to group/control_panel/manage. Valid cre...

9CVSS7AI score0.44691EPSS

Web