CVE-2022-42113
- EPSS 0.2%
- Published 18.10.2022 21:15:16
- Last modified 10.05.2025 03:15:21
A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` param...
CVE-2022-42114
- EPSS 0.2%
- Published 18.10.2022 21:15:16
- Last modified 10.05.2025 03:15:21
A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.
CVE-2022-42115
- EPSS 0.2%
- Published 18.10.2022 21:15:16
- Last modified 13.05.2025 15:15:50
Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 through 7.4.3.36 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the object field's ...
CVE-2022-42116
- EPSS 0.2%
- Published 18.10.2022 21:15:16
- Last modified 13.05.2025 15:15:50
A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary w...
CVE-2022-42117
- EPSS 0.1%
- Published 18.10.2022 21:15:16
- Last modified 12.05.2025 18:15:42
A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML.
CVE-2022-38902
- EPSS 0.23%
- Published 13.10.2022 13:15:10
- Last modified 15.05.2025 16:15:26
A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of a newly created topic.
CVE-2022-41414
- EPSS 0.2%
- Published 07.10.2022 18:15:22
- Last modified 21.11.2024 07:23:10
An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages.
CVE-2022-28980
- EPSS 0.23%
- Published 22.09.2022 01:15:11
- Last modified 27.05.2025 18:15:28
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allow attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.
CVE-2022-28981
- EPSS 0.26%
- Published 22.09.2022 01:15:11
- Last modified 27.05.2025 18:15:28
Path traversal vulnerability in the Hypermedia REST APIs module in Liferay Portal 7.4.0 through 7.4.2 allows remote attackers to access files outside of com.liferay.headless.discovery.web/META-INF/resources via the `parameter` parameter.
CVE-2022-38512
- EPSS 0.22%
- Published 22.09.2022 01:15:11
- Last modified 27.05.2025 18:15:29
The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page...