CRITICAL 9.8 CVE-2022-42122 Liferay Portal and Liferay DXP Vulnerable to SQL Injection via Friendly URL Module
>= 7.3.7, < 7.4.0-ga1
CRITICAL 9.8 CVE-2019-16891 Liferay Portal Allows RCE via Deserialization of a JSON Payload
from 0, < 7.1.1
CRITICAL 9.6 CVE-2024-8980 Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console
>= 7.0.0-a1, < 7.4.3.102-GA102
CRITICAL 9.6 Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting
>= 7.2.0, < 7.4.3.38
CRITICAL 9.6 Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting
>= 7.4.3.8, < 7.4.3.98
CRITICAL 9.6 Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
from 0, <= 7.4.1
CRITICAL 9.6 Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
>= 7.3.3, < 7.4.3.98
CRITICAL 9.6 Liferay Portal stored cross-site scripting (XSS) vulnerability
from 0, < 7.4.3.12
CRITICAL 9.6 Liferay Portal XSS with `p_l_back_url_title` on edit content page
>= 7.4.3.94, < 7.4.3.96
CRITICAL 9.0 Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions
>= 7.3.2-ga3, < 7.4.3.112-ga112
CRITICAL 9.0 Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting
>= 7.4.3.18, < 7.4.3.102
CRITICAL 9.0 Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting
from 0, < 7.4.3.14
CRITICAL 9.0 Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting
from 0, < 7.4.3.5
CRITICAL 9.0 Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting
from 0, <= 7.4.2
CRITICAL 9.0 Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting
from 0, <= 7.4.2
CRITICAL 9.0 Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting
from 0, <= 7.4.2
CRITICAL 9.0 Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
>= 7.4.3.44, < 7.4.3.98
CRITICAL 9.0 Liferay Portal has a Stored XSS with Blog entries (Insecure defaults)
from 0, < 7.4.3.13
HIGH 8.8 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget
>= 7.4.3.75, < 7.4.3.112
HIGH 8.8 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor
>= 7.4.0, < 7.4.3.104
HIGH 8.8 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor
>= 7.3.2, < 7.4.3.108
HIGH 8.8 Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module
>= 7.4.3.70-ga70, < 7.4.3.77-ga77
HIGH 8.8 Liferay Portal and Liferay DXP Vulnerable to Multiple SQL Injections
>= 7.3.5, < 7.3.6
HIGH 8.8 Liferay Portal and Liferay DXP Vulnerable to Arbitrary Code Execution
from 0, < 7.3.2
HIGH 8.3 Liferay Portal and Liferay DXP Potentially Reveal LDAP Server Password via Unsafe Connection
from 0, < 7.3.0
HIGH 8.1 Liferay Portal defaults to a low work factor for the default password hashing algorithm
from 0, < 7.4.3.14
HIGH 8.1 Liferay Portal vulnerable to user impersonation
>= 7.2.0, < 7.4.2
HIGH 8.1 SQL injection in Liferay Portal
>= 7.3.1, < 7.4.3.18
HIGH 8.1 Liferay Portal and Liferay DXP have Insecure Deserialization Vulnerability
from 0, < 7.3.0
HIGH 8.0 Liferay Portal has an XXE vulnerability in Java2WsddTask._format
from 0, < 7.4.3.8
HIGH 7.5 Missing authorization in Liferay portal
>= 7.4.3.67, < 7.4.3.68
HIGH 7.5 Path Traversal in Liferay Portal
>= 7.4.3.5, < 7.4.3.48
HIGH 7.5 Inefficient Regular Expression Complexity in Liferay Portal
>= 7.3.2, < 7.4.3.5
HIGH 7.5 Path Traversal in Liferay Portal
>= 7.3.3, < 7.4.3.19
HIGH 7.5 Liferay Portal Layout Module and Liferay DXP Exposes the Cross-Site Request Forgery (CSRF) Token in URLs
>= 7.1.0, < 7.3.3
HIGH 7.5 Liferay Portal and Liferay DXP insecure default configuration
from 0, < 7.3.3
HIGH 7.5 Liferay Portal and Liferay DXP Fails to Invalidate CAPTCHA Answers After Use
>= 7.3.4, < 7.3.6
HIGH 7.5 Open Redirect in Liferay Portal
from 0, < 7.3.3
HIGH 7.2 Liferay Portal and Liferay DXP Has Company Administrator Accounts Vulnerable to Takeovers
>= 7.0.3, < 7.3.5
MEDIUM 6.5 Liferay Portal and Liferay DXP vulnerable to theft of hashed password
>= 7.4.3.76, < 7.4.3.100
MEDIUM 6.5 Liferay Portal and Liferay DXP Allows Authenticated Users with View Permissions to Edit Permissions
>= 7.2.0, < 7.4.3.5-ga5
MEDIUM 6.5 Liferay Portal denial of service (memory consumption)
>= 7.2.0, < 7.3.7
MEDIUM 6.5 Liferay Portal has Inefficient Regular Expression
>= 7.4.3.48, < 7.4.3.77
MEDIUM 6.5 Liferay Portal and Liferay DXP Fails to Sanitize API Data
>= 7.0.0, < 7.3.2
MEDIUM 6.4 Cross-site scripting in Liferay Portal
>= 7.4.3.50, < 7.4.3.51
MEDIUM 6.3 Privilege escalation in Liferay Portal
from 0, < 7.4.3.16
MEDIUM 6.3 Liferay Portal and Liferay DXP Fails to Check User Permissions for Workflow Submissions
from 0, <= 7.3.2
MEDIUM 6.1 Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter
>= 7.4.3.8, < 7.4.3.112-ga112
MEDIUM 6.1 Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
>= 7.1.0, < 7.4.3.39
MEDIUM 6.1 Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes
>= 7.2.0, < 7.4.3.13-ga13
MEDIUM 6.1 Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character
>= 7.2.0, < 7.4.3.19-ga19
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page
>= 7.4.3.45-ga45, < 7.4.3.102-ga102
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module
>= 7.4.3.70-ga70, < 7.4.3.74-ga74
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module
>= 7.4.3.70-ga70, < 7.4.3.77-ga77
MEDIUM 6.1 Cross-site scripting in Liferay Portal
>= 7.3.4, < 7.4.3.69
MEDIUM 6.1 Cross-site scripting in Liferay Portal
>= 7.4.3.41, < 7.4.3.53
MEDIUM 6.1 Liferay Portal and Liferay DXP HtmlUtil.escapeRedirect Can Be Circumvented
>= 7.3.1-ga2, < 7.4.3.4-ga4
MEDIUM 6.1 Liferay Portal cross-site scripting (XSS) vulnerability in the Frontend Taglib module
>= 7.4.0, < 7.4.1
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)
>= 7.1.0, <= 7.3.2
MEDIUM 6.1 Liferay Portal and Liferay DXP Allows Arbitrary Redirect of Users to External URLs
>= 7.0.0, <= 7.3.1
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Membership Request Admin Page
>= 7.0.0, < 7.3.6
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in the Layout Admin Page
>= 7.3.4, < 7.3.6
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Asset Module Parameter
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the Redirect's Admin Page
>= 7.3.2, <= 7.3.5
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App
>= 7.2.1, < 7.3.6
MEDIUM 6.1 Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via Categories Admin Page
>= 7.3.4, < 7.3.5
MEDIUM 6.1 Liferay Portal Vulnerable to Cross-Site Scripting (XSS) via User Name Parameter
from 0, <= 7.1.3
MEDIUM 6.1 Liferay Portal XSS Vulnerability
from 0, < 7.0.3-GA4
MEDIUM 6.1 Liferay Portal Vulnerable to XSS via a Knowledge Base Article Title
from 0, < 7.0.3-ga4
MEDIUM 6.1 Liferay Portal XSS Vulnerability
from 0, < 7.0.3-GA4
MEDIUM 6.1 Liferay Portal Vulnerable to XSS via a Crafted Redirect Field
from 0, < 7.0.3-ga4
MEDIUM 6.1 Liferay Portal Vulnerable to XSS via an Invalid portletId
from 0, < 7.0.3-ga4
MEDIUM 6.1 Liferay Portal Vulnerable to XSS via Mishandled Title or Summary in the Web Content Display
from 0, < 7.0.3-ga4
MEDIUM 6.1 Liferay Portal XSS vulnerability via movie parameter in the /html/portal/flash.jsp page
from 0, < 7.1.0-a1
MEDIUM 5.9 Liferay Portal and Liferay DXP Includes LDAP Credentials in the Page URL
>= 7.0.0, < 7.4.3.5-ga5
MEDIUM 5.9 Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password
>= 7.0.0, < 7.3.6
MEDIUM 5.4 Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing
from 0, < 7.4.3.4
MEDIUM 5.4 Liferay Portal and Liferay DXP Does Not Properly Restrict Membership to Child Site Based on Parent Site Options
>= 7.2.0, < 7.4.2-ga3
MEDIUM 5.4 Liferay Portal's account lockout does not invalidate existing user sessions
>= 7.2.0, < 7.3.1
MEDIUM 5.4 Cross-site scripting in Liferay Portal
>= 7.1.0, < 7.3.1
MEDIUM 5.4 Cross-site scripting in Liferay Portal
>= 7.4.3.21, < 7.4.3.63
MEDIUM 5.4 Cross-site scripting in Liferay Portal
>= 7.1.0, < 7.4.3.13
MEDIUM 5.4 Liferay Portal Journal Module and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)
>= 7.3.0, < 7.3.4
MEDIUM 5.4 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Edit Vocabulary Page
>= 7.0.0, <= 7.3.4
MEDIUM 5.4 Liferay Portal Vulnerable to Persistent Cross-Site Scripting (XSS) in MyAccountPortlet
>= 7.1.0, < 7.3.0
MEDIUM 5.4 Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in edit blog entry page
>= 7.3.2, < 7.3.7-ga8
MEDIUM 5.3 Liferay Portal and Liferay DXP User Enumeration Vulnerability
>= 7.2.0, < 7.4.3.27-ga27
MEDIUM 5.3 Liferay Portal and Liferay DXP HTTP Header Can Expose Versions
>= 7.2.0, < 7.4.3.26-ga26
MEDIUM 5.3 Liferay Portal and Liferay DXP Allows Templates to be Viewed via the UI or API
>= 7.2.0, < 7.4.3.5-ga5
MEDIUM 5.3 Liferay Portal allows attackers to discover the existence of sites
>= 7.2.0, < 7.4.2
MEDIUM 5.3 Insecure Default Initialization In Liferay Portal
>= 7.0.0, < 7.3.1
MEDIUM 5.3 Incorrect Default Permissions in Liferay Portal
>= 7.4.3.5, < 7.4.3.48
MEDIUM 5.3 Incorrect Default Permissions in Liferay Portal
>= 7.4.1, < 7.4.3.5
MEDIUM 5.3 Liferay Portal Insecure Default Configuration in auth.login.prompt.enabled
>= 7.0.0-a1, < 7.4.2-ga3
MEDIUM 5.3 Liferay Portal and Liferay DXP Reveals Data via Overly Verbose Error Messages
from 0, < 7.3.5
MEDIUM 5.3 Liferay Portal and Liferay DXP Bypass via Double Encoded URL
from 0, < 7.3.1
MEDIUM 5.0 Liferay Portal vulnerable to Denial of Service
from 0, < 7.4.3.16
MEDIUM 4.9 Liferay Portal and Liferay DXP Stores User Passwords in Cleartext
>= 7.3.0, <= 7.3.2
MEDIUM 4.8 Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page
>= 7.0.0, < 7.4.3.88
MEDIUM 4.8 Cross-site scripting in Liferay Portal
>= 7.4.0, < 7.4.3.31