CRITICAL9.6CVE-2023-42627Liferay Portal and Liferay DXP Vulnerable to XSS in the Commerce Module >= 7.3.0, <= 7.3.0, >= 7.4.0, <= 7.4.0 | >= 7.3-fix.0, <= 7.3-fix.0, >= 7.3-fix.0, <= 7.3-fix.0, >= 7.3-update14.0, <= 7.3-update14.0, >= 7.4-update1.0, <= 7.4-update1.0, >= 7.4-update21.0, <= 7.4-update21.0, >= 7.4-update34.0, <= 7.4-update34.0, >= 7.4-update36.0, <= 7.4-update36.0, >= 7.4-update41.0, <= 7.4-update41.0, >= 7.4-update48.0, <= 7.4-update48.0, >= 7.4-update50.0, <= 7.4-update50.0, >= 7.4-update52.0, <= 7.4-update52.0, >= 7.4-update62.0, <= 7.4-update62.0, >= 7.4-update67.0, <= 7.4-update67.0, >= 7.4-update76.0, <= 7.4-update76.0, >= 7.4-update81.0, <= 7.4-update81.0, >= 7.4-update82.0, <= 7.4-update82.0, >= 7.4-update83.0, <= 7.4-update83.0, >= 7.4-update84.0, <= 7.4-update84.0, >= 7.4-update85.0, <= 7.4-update85.0, >= 7.4-update86.0, <= 7.4-update86.0
CRITICAL9.6Liferay Portal and Liferay DXP Vulnerable to XSS via the OAuth2ProviderApplicationRedirect Class
>= 7.4-update41.0, <= 7.4-update41.0, >= 7.4-update48.0, <= 7.4-update48.0, >= 7.4-update50.0, <= 7.4-update50.0, >= 7.4-update52.0, <= 7.4-update52.0, >= 7.4-update62.0, <= 7.4-update62.0, >= 7.4-update67.0, <= 7.4-update67.0, >= 7.4-update76.0, <= 7.4-update76.0, >= 7.4-update81.0, <= 7.4-update81.0, >= 7.4-update82.0, <= 7.4-update82.0, >= 7.4-update83.0, <= 7.4-update83.0, >= 7.4-update84.0, <= 7.4-update84.0, >= 7.4-update85.0, <= 7.4-update85.0, >= 7.4-update86.0, <= 7.4-update86.0
CRITICAL9.6Liferay Portal and Liferay DXP Vulnerable to Reflected XSS via the Export for Translation Page
>= 7.4.0, <= 7.4.0 | >= 7.4-update1.0, <= 7.4-update1.0, >= 7.4-update21.0, <= 7.4-update21.0, >= 7.4-update34.0, <= 7.4-update34.0, >= 7.4-update36.0, <= 7.4-update36.0, >= 7.4-update41.0, <= 7.4-update41.0, >= 7.4-update48.0, <= 7.4-update48.0, >= 7.4-update50.0, <= 7.4-update50.0, >= 7.4-update52.0, <= 7.4-update52.0, >= 7.4-update62.0, <= 7.4-update62.0, >= 7.4-update67.0, <= 7.4-update67.0, >= 7.4-update76.0, <= 7.4-update76.0, >= 7.4-update81.0, <= 7.4-update81.0, >= 7.4-update82.0, <= 7.4-update82.0, >= 7.4-update83.0, <= 7.4-update83.0, >= 7.4-update84.0, <= 7.4-update84.0, >= 7.4-update85.0, <= 7.4-update85.0
CRITICAL9.0Liferay Portal and Liferay DXP Vulnerable to XSS in the Wiki Widget
>= 7.0.0, <= 7.0.0, >= 7.1.0, <= 7.1.0, >= 7.2.0, <= 7.2.0, >= 7.3.0, <= 7.3.0, >= 7.4.0, <= 7.4.0 | >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.4-update1.0, <= 7.4-update1.0, >= 7.4-update21.0, <= 7.4-update21.0, >= 7.4-update34.0, <= 7.4-update34.0, >= 7.4-update36.0, <= 7.4-update36.0, >= 7.4-update41.0, <= 7.4-update41.0, >= 7.4-update48.0, <= 7.4-update48.0, >= 7.4-update50.0, <= 7.4-update50.0, >= 7.4-update52.0, <= 7.4-update52.0, >= 7.4-update62.0, <= 7.4-update62.0, >= 7.4-update67.0, <= 7.4-update67.0, >= 7.4-update76.0, <= 7.4-update76.0, >= 7.4-update81.0, <= 7.4-update81.0, >= 7.4-update82.0, <= 7.4-update82.0, >= 7.4-update83.0, <= 7.4-update83.0, >= 7.4-update84.0, <= 7.4-update84.0, >= 7.4-update85.0, <= 7.4-update85.0, >= 7.4-update86.0, <= 7.4-update86.0
CRITICAL9.0Liferay Portal and Liferay DXP Vulnerable to XSS via the Page Tree Menu
>= 7.4.0, <= 7.4.0 | >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.4-update1.0, <= 7.4-update1.0, >= 7.4-update21.0, <= 7.4-update21.0, >= 7.4-update34.0, <= 7.4-update34.0, >= 7.4-update36.0, <= 7.4-update36.0, >= 7.4-update41.0, <= 7.4-update41.0, >= 7.4-update48.0, <= 7.4-update48.0, >= 7.4-update50.0, <= 7.4-update50.0, >= 7.4-update52.0, <= 7.4-update52.0, >= 7.4-update62.0, <= 7.4-update62.0, >= 7.4-update67.0, <= 7.4-update67.0, >= 7.4-update76.0, <= 7.4-update76.0
CRITICAL9.0Liferay Portal and Liferay DXP Vulnerable to XSS in the Fragment Components
>= 7.4.0, <= 7.4.0 | >= 7.4-update1.0, <= 7.4-update1.0, >= 7.4-update21.0, <= 7.4-update21.0, >= 7.4-update34.0, <= 7.4-update34.0, >= 7.4-update36.0, <= 7.4-update36.0, >= 7.4-update41.0, <= 7.4-update41.0, >= 7.4-update48.0, <= 7.4-update48.0, >= 7.4-update50.0, <= 7.4-update50.0, >= 7.4-update52.0, <= 7.4-update52.0
CRITICAL9.0Liferay Portal and Liferay DXP Vulnerable to Stored XSS in the Manage Vocabulary Page
>= 7.4.0, <= 7.4.0 | >= 7.4-update1.0, <= 7.4-update1.0, >= 7.4-update21.0, <= 7.4-update21.0, >= 7.4-update34.0, <= 7.4-update34.0, >= 7.4-update36.0, <= 7.4-update36.0, >= 7.4-update41.0, <= 7.4-update41.0, >= 7.4-update48.0, <= 7.4-update48.0, >= 7.4-update50.0, <= 7.4-update50.0, >= 7.4-update52.0, <= 7.4-update52.0, >= 7.4-update62.0, <= 7.4-update62.0, >= 7.4-update67.0, <= 7.4-update67.0, >= 7.4-update76.0, <= 7.4-update76.0, >= 7.4-update81.0, <= 7.4-update81.0, >= 7.4-update82.0, <= 7.4-update82.0, >= 7.4-update83.0, <= 7.4-update83.0, >= 7.4-update84.0, <= 7.4-update84.0, >= 7.4-update85.0, <= 7.4-update85.0, >= 7.4-update86.0, <= 7.4-update86.0
HIGH8.1SQL injection in Liferay Portal
>= 7.3.0, <= 7.3.0, >= 7.4.0, <= 7.4.0 | >= 7.3-fix.0, <= 7.3-fix.0, >= 7.3-fix.0, <= 7.3-fix.0, >= 7.4-update1.0, <= 7.4-update1.0
HIGH7.5Missing authorization in Liferay portal
>= 7.4-update67.0, <= 7.4-update67.0
HIGH7.5Path Traversal in Liferay Portal
>= 7.4-update1.0, <= 7.4-update1.0, >= 7.4-update34.0, <= 7.4-update34.0
HIGH7.5Path Traversal in Liferay Portal
>= 7.3.0, <= 7.3.0, >= 7.4.0, <= 7.4.0
HIGH7.5Inefficient Regular Expression Complexity in Liferay Portal
>= 7.3.0, <= 7.3.0, >= 7.4.0, <= 7.4.0 | >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0
HIGH7.5Liferay Portal and Liferay DXP fails to properly import users from LDAP
>= 7.0.0, <= 7.0.0, >= 7.1.0, <= 7.1.0, >= 7.2.0, <= 7.2.0 | >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0
MEDIUM6.5Liferay Portal has Inefficient Regular Expression
>= 7.4-update48.0, <= 7.4-update48.0, >= 7.4-update76.0, <= 7.4-update76.0
MEDIUM6.5Liferay Portal and Liferay DXP has incorrect default permissions for site members
from 0, < 7.2.1 | >= 7.3.0, <= 7.3.0 | >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.3-fix.0, <= 7.3-fix.0
MEDIUM6.5Unrestricted Upload of File with Dangerous Type in Liferay Portal and Liferay DXP
>= 7.1.0, <= 7.1.0, >= 7.2.0, <= 7.2.0 | >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-sp1.0, <= 7.1-sp1.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0
MEDIUM6.4Cross-site scripting in Liferay Portal
>= 7.4-update50.0, <= 7.4-update50.0
MEDIUM6.1Cross-site scripting in Liferay Portal
>= 7.3.0, <= 7.3.0, >= 7.4.0, <= 7.4.0 | >= 7.3-fix.0, <= 7.3-fix.0, >= 7.3-fix.0, <= 7.3-fix.0, >= 7.4-update1.0, <= 7.4-update1.0, >= 7.4-update21.0, <= 7.4-update21.0, >= 7.4-update34.0, <= 7.4-update34.0, >= 7.4-update36.0, <= 7.4-update36.0, >= 7.4-update41.0, <= 7.4-update41.0, >= 7.4-update50.0, <= 7.4-update50.0, >= 7.4-update52.0, <= 7.4-update52.0, >= 7.4-update62.0, <= 7.4-update62.0
MEDIUM6.1Cross-site scripting in Liferay Portal
>= 7.4-update41.0, <= 7.4-update41.0, >= 7.4-update52.0, <= 7.4-update52.0
MEDIUM6.1Liferay Portal and Liferay DXP allows arbitrary injection via web content template names
>= 7.0.0, <= 7.0.0, >= 7.1.0, <= 7.1.0, >= 7.2.0, <= 7.2.0 | >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0
MEDIUM6.1Liferay Portal and Liferay DXP allows arbitrary injection via the site name
from 0, < 7.3.0 | >= 7.3.0, <= 7.3.0 | >= 7.3-fix.0, <= 7.3-fix.0, >= 7.3-fix.0, <= 7.3-fix.0
MEDIUM6.1Liferay Portal and Liferay DXP cross-site scripting (XSS) vulnerability via the script console
>= 7.0.0, <= 7.0.0, >= 7.1.0, <= 7.1.0, >= 7.2.0, <= 7.2.0 | >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0
MEDIUM5.9Liferay Portal and Liferay DXP Includes LDAP Credentials in the Page URL
>= 7.0.0, <= 7.0.0, >= 7.1.0, <= 7.1.0, >= 7.2.0, <= 7.2.0, >= 7.3.0, <= 7.3.0, >= 7.4.0, <= 7.4.0 | >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.0-fix.0, <= 7.0-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-sp1.0, <= 7.1-sp1.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.3-fix.0, <= 7.3-fix.0, >= 7.3-fix.0, <= 7.3-fix.0
MEDIUM5.4Cross-site scripting in Liferay Portal
>= 7.1.0, <= 7.1.0, >= 7.2.0, <= 7.2.0 | >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0
MEDIUM5.4Cross-site scripting in Liferay Portal
>= 7.4-update21.0, <= 7.4-update21.0, >= 7.4-update62.0, <= 7.4-update62.0
MEDIUM5.4Cross-site scripting in Liferay Portal
>= 7.1.0, <= 7.1.0, >= 7.2.0, <= 7.2.0, >= 7.3.0, <= 7.3.0, >= 7.4.0, <= 7.4.0 | >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.3-fix.0, <= 7.3-fix.0, >= 7.3-fix.0, <= 7.3-fix.0, >= 7.4-update1.0, <= 7.4-update1.0
MEDIUM5.4Liferay Portal and Liferay DXP allows arbitrary injection via the name of an asset category
from 0, < 7.3.0 | >= 7.3.0, <= 7.3.0 | >= 7.3-fix.0, <= 7.3-fix.0
MEDIUM5.4Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS)
from 0, < 7.3.0
MEDIUM5.4Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in the Gogo Shell module
>= 7.1.0, <= 7.1.0, >= 7.2.0, <= 7.2.0, >= 7.3.0, <= 7.3.0 | >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.3-fix.0, <= 7.3-fix.0
MEDIUM5.4Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in edit blog entry page
from 0, < 7.3.0 | >= 7.3.0, <= 7.3.0 | >= 7.3-fix.0, <= 7.3-fix.0
MEDIUM5.3Insecure Default Initialization In Liferay Portal
>= 7.0.0, <= 7.0.0, >= 7.1.0, <= 7.1.0, >= 7.2.0, <= 7.2.0
MEDIUM5.3Incorrect Default Permissions in Liferay Portal
>= 7.4.0, <= 7.4.0
MEDIUM5.3Incorrect Default Permissions in Liferay Portal
>= 7.4-update1.0, <= 7.4-update1.0, >= 7.4-update36.0, <= 7.4-update36.0
MEDIUM5.3Liferay Portal and Liferay DXP fails to check origin of event messages
from 0, < 7.4.0
MEDIUM4.8Cross-site scripting in Liferay Portal
>= 7.4.0, <= 7.4.0 | >= 7.4-update1.0, <= 7.4-update1.0
MEDIUM4.8Cross-site scripting in Liferay Portal
>= 7.3.0, <= 7.3.0 | >= 7.3-fix.0, <= 7.3-fix.0, >= 7.3-fix.0, <= 7.3-fix.0
MEDIUM4.8Improper Certificate Validation in Liferay Portal
>= 7.1.0, <= 7.1.0, >= 7.2.0, <= 7.2.0, >= 7.3.0, <= 7.3.0 | >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.3-fix.0, <= 7.3-fix.0, >= 7.3-fix.0, <= 7.3-fix.0
MEDIUM4.3Liferay Portal and Liferay DXP Organization Selector Does Not Check User Permissions
>= 7.4-update81.0, <= 7.4-update81.0, >= 7.4-update82.0, <= 7.4-update82.0, >= 7.4-update83.0, <= 7.4-update83.0, >= 7.4-update84.0, <= 7.4-update84.0, >= 7.4-update85.0, <= 7.4-update85.0
MEDIUM4.3Liferay portal unauthorized access to objects via OAuth 2 scope
>= 7.4.0, <= 7.4.0 | >= 7.4-update1.0, <= 7.4-update1.0, >= 7.4-update34.0, <= 7.4-update34.0, >= 7.4-update36.0, <= 7.4-update36.0
MEDIUM4.3Liferay portal has unauthorized access to object definition via search
>= 7.4.0, <= 7.4.0 | >= 7.4-update1.0, <= 7.4-update1.0, >= 7.4-update21.0, <= 7.4-update21.0, >= 7.4-update34.0, <= 7.4-update34.0, >= 7.4-update36.0, <= 7.4-update36.0, >= 7.4-update41.0, <= 7.4-update41.0, >= 7.4-update50.0, <= 7.4-update50.0, >= 7.4-update52.0, <= 7.4-update52.0
MEDIUM4.3Missing permissions check in Liferay Portal
>= 7.3.0, <= 7.3.0, >= 7.4.0, <= 7.4.0 | >= 7.4-update1.0, <= 7.4-update1.0
MEDIUM4.3Authorization Bypass in Liferay Portal
>= 7.3.0, <= 7.3.0, >= 7.4.0, <= 7.4.0
MEDIUM4.3Incorrect Default Permissions in Liferay Portal
>= 7.1.0, <= 7.1.0, >= 7.2.0, <= 7.2.0, >= 7.3.0, <= 7.3.0, >= 7.4.0, <= 7.4.0 | >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.1-fix.0, <= 7.1-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0, >= 7.2-fix.0, <= 7.2-fix.0
MEDIUM4.3Liferay Portal and Liferay DXP fails to check permissions to view sites/groups
>= 7.2-fix.0, <= 7.2-fix.0, >= 7.3-fix.0, <= 7.3-fix.0