CVE-2022-42113
- EPSS 0.18%
- Published 18.10.2022 21:15:16
- Last modified 10.05.2025 03:15:21
A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` param...
CVE-2022-42114
- EPSS 0.19%
- Published 18.10.2022 21:15:16
- Last modified 10.05.2025 03:15:21
A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML.
CVE-2022-42116
- EPSS 0.18%
- Published 18.10.2022 21:15:16
- Last modified 13.05.2025 15:15:50
A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary w...
CVE-2022-42117
- EPSS 0.24%
- Published 18.10.2022 21:15:16
- Last modified 12.05.2025 18:15:42
A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote attackers to inject arbitrary web script or HTML.
CVE-2022-38902
- EPSS 0.1%
- Published 13.10.2022 13:15:10
- Last modified 15.05.2025 16:15:26
A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of a newly created topic.
CVE-2022-28980
- EPSS 0.23%
- Published 22.09.2022 01:15:11
- Last modified 27.05.2025 18:15:28
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allow attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix.
CVE-2022-38512
- EPSS 0.22%
- Published 22.09.2022 01:15:11
- Last modified 27.05.2025 18:15:29
The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36 does not check permissions before allowing a user to export a web content for translation, allowing attackers to download a web content page...
CVE-2022-28977
- EPSS 0.2%
- Published 22.09.2022 01:15:10
- Last modified 27.05.2025 16:15:22
HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, wh...
CVE-2022-39975
- EPSS 0.16%
- Published 22.09.2022 00:15:10
- Last modified 27.05.2025 19:15:22
The Layout module in Liferay Portal v7.3.3 through v7.4.3.34, and Liferay DXP 7.3 before update 10, and 7.4 before update 35 does not check user permission before showing the preview of a "Content Page" type page, allowing attackers to view unpublish...
CVE-2022-28978
- EPSS 0.2%
- Published 22.09.2022 00:15:09
- Last modified 27.05.2025 19:15:21
Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before se...