Liferay

Liferay Portal

180 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2024-26268

  • EPSS 0.3%
  • Published 20.02.2024 14:15:09
  • Last modified 28.01.2025 21:37:57

User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to dete...

5.3

CVE-2024-26270

  • EPSS 0.24%
  • Published 20.02.2024 14:15:09
  • Last modified 28.01.2025 21:25:41

The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user’s hashed password in the page’s HTML source, which allows man-in-the-middle attackers to steal...

5.4

CVE-2024-25610

  • EPSS 0.14%
  • Published 20.02.2024 13:15:08
  • Last modified 11.12.2024 17:53:18

In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of Ja...

6.5

CVE-2024-26265

  • EPSS 0.69%
  • Published 20.02.2024 13:15:08
  • Last modified 28.01.2025 21:35:11

The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions relies on a request parameter to lim...

5.3

CVE-2024-26267

  • EPSS 0.22%
  • Published 20.02.2024 13:15:08
  • Last modified 28.01.2025 21:36:47

In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property `http.header.version....

7.5

CVE-2024-25607

  • EPSS 0.13%
  • Published 20.02.2024 10:15:08
  • Last modified 11.12.2024 18:01:46

The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defa...

6.1

CVE-2024-25608

  • EPSS 0.47%
  • Published 20.02.2024 10:15:08
  • Last modified 11.12.2024 17:56:22

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPL...

6.1

CVE-2024-25609

  • EPSS 0.51%
  • Published 20.02.2024 10:15:08
  • Last modified 11.12.2024 17:55:21

HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two for...

6.5

CVE-2024-25604

  • EPSS 0.18%
  • Published 20.02.2024 09:15:09
  • Last modified 10.12.2024 22:59:32

Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticate...

5.3

CVE-2024-25605

  • EPSS 0.24%
  • Published 20.02.2024 09:15:09
  • Last modified 10.12.2024 22:20:47

The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content te...