| CVE-2025-4655 |
medium |
5.0 |
5.0 |
10mo ago |
Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery |
|
| CVE-2025-43785 |
unknown |
— |
— |
9mo ago |
Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting |
|
| CVE-2025-4581 |
unknown |
— |
— |
10mo ago |
Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery |
|
| CVE-2024-11993 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting |
|
| CVE-2024-38002 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions |
|
| CVE-2024-26271 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget |
|
| CVE-2024-25603 |
unknown |
— |
— |
2y ago |
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting |
|
| CVE-2023-42496 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting |
|
| CVE-2023-40191 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting |
|
| CVE-2023-42498 |
unknown |
— |
— |
2y ago |
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting |
|
| CVE-2024-26267 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP HTTP Header Can Expose Versions |
|
| CVE-2024-25608 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character |
|
| CVE-2024-25607 |
unknown |
— |
— |
2y ago |
Liferay Portal defaults to a low work factor for the default password hashing algorithm |
|
| CVE-2024-25609 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes |
|
| CVE-2024-25606 |
unknown |
— |
— |
2y ago |
Liferay Portal has an XXE vulnerability in Java2WsddTask._format |
|
| CVE-2024-25150 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel |
|
| CVE-2023-47798 |
unknown |
— |
— |
2y ago |
Liferay Portal's account lockout does not invalidate existing user sessions |
|
| CVE-2023-44311 |
unknown |
— |
— |
3y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the OAuth2ProviderApplicationRedirect Class |
|
| CVE-2022-42110 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the Announcements Module |
|
| CVE-2022-42116 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS in the CKEditor Integration with the Frontend Editor Module |
|
| CVE-2022-42112 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module |
|
| CVE-2022-28980 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the filter_ Prefix |
|
| CVE-2022-28979 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS in the Portal Search Module |
|
| CVE-2022-28978 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS in the Site Module |
|
| CVE-2021-33335 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Has Company Administrator Accounts Vulnerable to Takeovers |
|
| CVE-2021-33339 |
unknown |
— |
— |
4y ago |
Liferay Portal Fragment Module and Liferay DXP Vulnerable to Cross-Site Scripting |
|
| CVE-2021-33338 |
unknown |
— |
— |
4y ago |
Liferay Portal Layout Module and Liferay DXP Exposes the Cross-Site Request Forgery (CSRF) Token in URLs |
|
| CVE-2021-33325 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Stores User Passwords in Cleartext |
|
| CVE-2021-33324 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Don't Check Permissions of Pages |
|
| CVE-2021-29048 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in the Layout Admin Page |
|
| CVE-2021-29041 |
unknown |
— |
— |
4y ago |
Liferay DXP Vulnerable to Denial-of-service (DoS) in the Multi-Factor Authentication Module |
|
| CVE-2021-29040 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Reveals Data via Overly Verbose Error Messages |
|
| CVE-2020-15841 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Potentially Reveal LDAP Server Password via Unsafe Connection |
|
| CVE-2020-13444 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Fails to Sanitize API Data |
|
| CVE-2022-26597 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP allows arbitrary injection via the site name |
|
| CVE-2022-26595 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP fails to check permissions to view sites/groups |
|
| CVE-2022-26594 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP allows arbitrary injection via form field |
|
| CVE-2021-38265 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) |
|