CVE-2025-2565
- EPSS 0.13%
- Veröffentlicht 20.03.2025 16:10:06
- Zuletzt bearbeitet 20.03.2025 17:15:39
The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3.126, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92 all...
CVE-2025-2536
- EPSS 0.29%
- Veröffentlicht 19.03.2025 19:00:42
- Zuletzt bearbeitet 19.03.2025 19:15:50
Cross-site scripting (XSS) vulnerability on Liferay Portal 7.4.3.82 through 7.4.3.128, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 82 th...
CVE-2021-29050
- EPSS 0.3%
- Veröffentlicht 20.02.2024 22:15:08
- Zuletzt bearbeitet 21.11.2024 06:00:35
Cross-Site Request Forgery (CSRF) vulnerability in the terms of use page in Liferay Portal before 7.3.6, and Liferay DXP 7.3 before service pack 1, 7.2 before fix pack 11 allows remote attackers to accept the site's terms of use via social engineerin...
CVE-2011-1504
- EPSS 0.34%
- Veröffentlicht 07.05.2011 19:55:01
- Zuletzt bearbeitet 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title.
CVE-2007-6055
- EPSS 7.64%
- Veröffentlicht 20.11.2007 20:46:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay Portal 4.1.0 and 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter. NOTE: this issue reportedly exists because of a regression that foll...