CVE-2022-42116
- EPSS 0.18%
- Published 18.10.2022 21:15:16
- Last modified 13.05.2025 15:15:50
A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary w...
CVE-2022-42117
- EPSS 0.24%
- Published 18.10.2022 21:15:16
- Last modified 12.05.2025 18:15:42
A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML.
CVE-2022-38902
- EPSS 0.1%
- Published 13.10.2022 13:15:10
- Last modified 15.05.2025 16:15:26
A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic.
CVE-2022-41414
- EPSS 0.3%
- Published 07.10.2022 18:15:22
- Last modified 21.11.2024 07:23:10
An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages.
CVE-2022-28980
- EPSS 0.23%
- Published 22.09.2022 01:15:11
- Last modified 27.05.2025 18:15:28
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allow attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.
CVE-2022-28981
- EPSS 0.26%
- Published 22.09.2022 01:15:11
- Last modified 27.05.2025 18:15:28
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter.
CVE-2022-38512
- EPSS 0.22%
- Published 22.09.2022 01:15:11
- Last modified 27.05.2025 18:15:29
The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page...
CVE-2022-28977
- EPSS 0.2%
- Published 22.09.2022 01:15:10
- Last modified 27.05.2025 16:15:22
HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, wh...
CVE-2022-39975
- EPSS 0.16%
- Published 22.09.2022 00:15:10
- Last modified 27.05.2025 19:15:22
The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublish...
CVE-2022-28978
- EPSS 0.2%
- Published 22.09.2022 00:15:09
- Last modified 27.05.2025 19:15:21
Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before se...