CVE-2025-3594
- EPSS 0.34%
- Published 16.06.2025 14:13:54
- Last modified 17.06.2025 20:50:23
Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 34, and older unsupported versions allows remote attackers to (1) add files to arbitr...
CVE-2025-3602
- EPSS 0.15%
- Published 16.06.2025 13:50:04
- Last modified 17.06.2025 20:50:23
Liferay Portal 7.4.0 through 7.4.3.97, and Liferay DXP 2023.Q3.1 through 2023.Q3.2, 7.4 GA through update 92, 7.3 GA through update 35, and 7.2 fix pack 8 through fix pack 20 do not limit the depth of GraphQL queries, which allows remote attacker...
CVE-2025-4388
- EPSS 3.24%
- Published 06.05.2025 18:15:39
- Last modified 07.05.2025 14:13:20
A reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 GA through ...
CVE-2025-3760
- EPSS 0.18%
- Published 17.04.2025 12:53:19
- Last modified 17.04.2025 20:21:48
A stored cross-site scripting (XSS) vulnerability exists with radio button type custom fields in Liferay Portal 7.2.0 through 7.4.3.129, and Liferay DXP 2024.Q4.1 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.9, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1...
CVE-2025-2565
- EPSS 0.09%
- Published 20.03.2025 16:10:06
- Last modified 20.03.2025 17:15:39
The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3.126, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92 all...
CVE-2025-2536
- EPSS 0.21%
- Published 19.03.2025 19:00:42
- Last modified 19.03.2025 19:15:50
Cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.3.82 through 7.4.3.128, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 82 th...
CVE-2021-29050
- EPSS 0.3%
- Published 20.02.2024 22:15:08
- Last modified 21.11.2024 06:00:35
Cross-Site Request Forgery (CSRF) vulnerability in the terms of use page in Liferay Portal before 7.3.6, and Liferay DXP 7.3 before service pack 1, 7.2 before fix pack 11 allows remote attackers to accept the site's terms of use via social engineerin...
CVE-2011-1504
- EPSS 0.34%
- Published 07.05.2011 19:55:01
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title.
CVE-2007-6055
- EPSS 7.64%
- Published 20.11.2007 20:46:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. NOTE: this issue reportedly exists because of a regression that foll...