| CVE-2025-4655 |
medium |
5.0 |
5.0 |
10mo ago |
Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery |
|
| CVE-2025-43785 |
unknown |
— |
— |
9mo ago |
Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting |
|
| CVE-2025-43776 |
unknown |
— |
— |
9mo ago |
Liferay Portal and Liferay DXP vulnerable to store Cross-site Scripting |
|
| CVE-2025-43734 |
unknown |
— |
— |
10mo ago |
Liferay Portal 7.4.0 and Liferay DXP have a reflected cross-site scripting (XSS) vulnerability |
|
| CVE-2025-43735 |
unknown |
— |
— |
10mo ago |
Liferay Portal and Liferay DXP have a reflected cross-site scripting vulnerability |
|
| CVE-2025-43736 |
unknown |
— |
— |
10mo ago |
Liferay Portal and Liferay DXP have a Denial Of Service via File Upload (DOS) vulnerability |
|
| CVE-2025-4581 |
unknown |
— |
— |
10mo ago |
Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery |
|
| CVE-2025-3760 |
unknown |
— |
— |
1y ago |
Liferay Cross-site Scripting vulnerability |
|
| CVE-2025-2565 |
unknown |
— |
— |
1y ago |
Liferay Portal and Liferay DXP Reveals Data via Forms |
|
| CVE-2025-2536 |
unknown |
— |
— |
1y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) |
|
| CVE-2023-37940 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page |
|
| CVE-2024-11993 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting |
|
| CVE-2024-26271 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget |
|
| CVE-2024-8980 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console |
|
| CVE-2024-38002 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions |
|
| CVE-2024-26272 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor |
|
| CVE-2024-26273 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor |
|
| CVE-2023-47795 |
unknown |
— |
— |
2y ago |
Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting |
|
| CVE-2024-25151 |
unknown |
— |
— |
2y ago |
Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing |
|
| CVE-2024-26266 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting |
|
| CVE-2024-26269 |
unknown |
— |
— |
2y ago |
Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting |
|
| CVE-2024-25603 |
unknown |
— |
— |
2y ago |
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting |
|
| CVE-2024-25152 |
unknown |
— |
— |
2y ago |
Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting |
|
| CVE-2024-25147 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting |
|
| CVE-2023-42496 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting |
|
| CVE-2024-25601 |
unknown |
— |
— |
2y ago |
Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting |
|
| CVE-2024-25602 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting |
|
| CVE-2023-40191 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting |
|
| CVE-2023-42498 |
unknown |
— |
— |
2y ago |
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting |
|
| CVE-2021-29038 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Does Not Obfuscate Password Reminder Answers |
|
| CVE-2021-29050 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery in Terms of Use Page |
|
| CVE-2024-26270 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to theft of hashed password |
|
| CVE-2024-26268 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP User Enumeration Vulnerability |
|
| CVE-2024-26267 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP HTTP Header Can Expose Versions |
|
| CVE-2024-25610 |
unknown |
— |
— |
2y ago |
Liferay Portal has a Stored XSS with Blog entries (Insecure defaults) |
|
| CVE-2024-25607 |
unknown |
— |
— |
2y ago |
Liferay Portal defaults to a low work factor for the default password hashing algorithm |
|
| CVE-2024-25609 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes |
|
| CVE-2024-25608 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character |
|
| CVE-2024-25604 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Allows Authenticated Users with View Permissions to Edit Permissions |
|
| CVE-2024-25606 |
unknown |
— |
— |
2y ago |
Liferay Portal has an XXE vulnerability in Java2WsddTask._format |
|
| CVE-2024-25605 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Allows Templates to be Viewed via the UI or API |
|
| CVE-2024-25149 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Does Not Properly Restrict Membership to Child Site Based on Parent Site Options |
|
| CVE-2024-25150 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel |
|
| CVE-2023-5190 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page |
|
| CVE-2024-25148 |
unknown |
— |
— |
2y ago |
Liferay Portal vulnerable to user impersonation |
|
| CVE-2024-25146 |
unknown |
— |
— |
2y ago |
Liferay Portal allows attackers to discover the existence of sites |
|
| CVE-2024-25144 |
unknown |
— |
— |
2y ago |
Liferay Portal denial-of-service vulnerability |
|
| CVE-2023-47798 |
unknown |
— |
— |
2y ago |
Liferay Portal's account lockout does not invalidate existing user sessions |
|
| CVE-2024-25145 |
unknown |
— |
— |
2y ago |
Liferay Portal stored cross-site scripting (XSS) vulnerability |
|
| CVE-2023-42627 |
unknown |
— |
— |
3y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS in the Commerce Module |
|
| CVE-2023-42628 |
unknown |
— |
— |
3y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS in the Wiki Widget |
|
| CVE-2023-44310 |
unknown |
— |
— |
3y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the Page Tree Menu |
|
| CVE-2023-44311 |
unknown |
— |
— |
3y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the OAuth2ProviderApplicationRedirect Class |
|
| CVE-2023-42497 |
unknown |
— |
— |
3y ago |
Liferay Portal and Liferay DXP Vulnerable to Reflected XSS via the Export for Translation Page |
|
| CVE-2023-42629 |
unknown |
— |
— |
3y ago |
Liferay Portal and Liferay DXP Vulnerable to Stored XSS in the Manage Vocabulary Page |
|
| CVE-2023-44309 |
unknown |
— |
— |
3y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS in the Fragment Components |
|
| CVE-2023-3426 |
unknown |
— |
— |
3y ago |
Liferay Portal and Liferay DXP Organization Selector Does Not Check User Permissions |
|
| CVE-2023-35030 |
unknown |
— |
— |
3y ago |
Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module |
|
| CVE-2023-3193 |
unknown |
— |
— |
3y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module |
|
| CVE-2023-35029 |
unknown |
— |
— |
3y ago |
Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module |
|
| CVE-2022-42122 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to SQL Injection via Friendly URL Module |
|
| CVE-2022-42111 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the Sharing Module |
|
| CVE-2022-42119 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the Commerce Module |
|
| CVE-2022-42132 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Includes LDAP Credentials in the Page URL |
|
| CVE-2022-42121 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Layout Module |
|
| CVE-2022-42120 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Fragment Module |
|
| CVE-2022-42110 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the Announcements Module |
|
| CVE-2022-42118 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module |
|
| CVE-2022-42112 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module |
|
| CVE-2022-42116 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS in the CKEditor Integration with the Frontend Editor Module |
|
| CVE-2022-42113 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the Document Library Module |
|
| CVE-2022-42114 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the Role Module |
|
| CVE-2022-42117 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS in the Frontend Taglib Module |
|
| CVE-2022-28977 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP HtmlUtil.escapeRedirect Can Be Circumvented |
|
| CVE-2022-28980 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the filter_ Prefix |
|
| CVE-2022-28979 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS in the Portal Search Module |
|
| CVE-2022-28978 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS in the Site Module |
|
| CVE-2022-38512 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Fails to Check Permissions in Translation Module |
|
| CVE-2021-33322 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP fails to invalidate password reset tokens after use |
|
| CVE-2021-29049 |
unknown |
— |
— |
4y ago |
Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the currentURL Parameter |
|
| CVE-2021-33335 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Has Company Administrator Accounts Vulnerable to Takeovers |
|
| CVE-2021-33339 |
unknown |
— |
— |
4y ago |
Liferay Portal Fragment Module and Liferay DXP Vulnerable to Cross-Site Scripting |
|
| CVE-2021-33336 |
unknown |
— |
— |
4y ago |
Liferay Portal Journal Module and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) |
|
| CVE-2021-33338 |
unknown |
— |
— |
4y ago |
Liferay Portal Layout Module and Liferay DXP Exposes the Cross-Site Request Forgery (CSRF) Token in URLs |
|
| CVE-2021-33337 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Document Library module |
|
| CVE-2021-33323 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP autosaves form data for other users to see |
|
| CVE-2021-33328 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Edit Vocabulary Page |
|
| CVE-2021-33327 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP does not properly check user permission |
|
| CVE-2021-33325 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Stores User Passwords in Cleartext |
|
| CVE-2021-33326 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Frontend JS module |
|
| CVE-2021-33324 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Don't Check Permissions of Pages |
|
| CVE-2021-33320 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP vulnerable to email spam via lack of flagging rate |
|
| CVE-2021-33334 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Fails to Properly Check User Permissions |
|
| CVE-2021-33333 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Fails to Check User Permissions for Workflow Submissions |
|
| CVE-2021-33331 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Allows Arbitrary Redirect of Users to External URLs |
|
| CVE-2021-33332 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) |
|
| CVE-2021-29045 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the Redirect's Admin Page |
|
| CVE-2021-29043 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password |
|
| CVE-2021-29048 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in the Layout Admin Page |
|
| CVE-2021-29046 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Asset Module Parameter |
|