| CVE-2025-4655 |
medium |
5.0 |
5.0 |
10mo ago |
Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery |
|
| CVE-2025-43785 |
unknown |
— |
— |
9mo ago |
Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting |
|
| CVE-2025-43736 |
unknown |
— |
— |
10mo ago |
Liferay Portal and Liferay DXP have a Denial Of Service via File Upload (DOS) vulnerability |
|
| CVE-2025-4581 |
unknown |
— |
— |
10mo ago |
Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery |
|
| CVE-2025-2565 |
unknown |
— |
— |
1y ago |
Liferay Portal and Liferay DXP Reveals Data via Forms |
|
| CVE-2025-2536 |
unknown |
— |
— |
1y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) |
|
| CVE-2024-11993 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting |
|
| CVE-2024-26271 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget |
|
| CVE-2024-8980 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console |
|
| CVE-2024-38002 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions |
|
| CVE-2024-26273 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor |
|
| CVE-2024-25151 |
unknown |
— |
— |
2y ago |
Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing |
|
| CVE-2024-25603 |
unknown |
— |
— |
2y ago |
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting |
|
| CVE-2023-42496 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting |
|
| CVE-2023-40191 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting |
|
| CVE-2023-42498 |
unknown |
— |
— |
2y ago |
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting |
|
| CVE-2024-25601 |
unknown |
— |
— |
2y ago |
Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting |
|
| CVE-2024-26267 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP HTTP Header Can Expose Versions |
|
| CVE-2024-25607 |
unknown |
— |
— |
2y ago |
Liferay Portal defaults to a low work factor for the default password hashing algorithm |
|
| CVE-2024-25608 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character |
|
| CVE-2024-25609 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes |
|
| CVE-2024-25606 |
unknown |
— |
— |
2y ago |
Liferay Portal has an XXE vulnerability in Java2WsddTask._format |
|
| CVE-2024-25150 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel |
|
| CVE-2023-5190 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page |
|
| CVE-2023-47798 |
unknown |
— |
— |
2y ago |
Liferay Portal's account lockout does not invalidate existing user sessions |
|
| CVE-2024-25145 |
unknown |
— |
— |
2y ago |
Liferay Portal stored cross-site scripting (XSS) vulnerability |
|
| CVE-2023-42628 |
unknown |
— |
— |
3y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS in the Wiki Widget |
|
| CVE-2023-44310 |
unknown |
— |
— |
3y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the Page Tree Menu |
|
| CVE-2023-44311 |
unknown |
— |
— |
3y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the OAuth2ProviderApplicationRedirect Class |
|
| CVE-2023-42629 |
unknown |
— |
— |
3y ago |
Liferay Portal and Liferay DXP Vulnerable to Stored XSS in the Manage Vocabulary Page |
|
| CVE-2023-44309 |
unknown |
— |
— |
3y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS in the Fragment Components |
|
| CVE-2022-42132 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Includes LDAP Credentials in the Page URL |
|
| CVE-2022-42122 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to SQL Injection via Friendly URL Module |
|
| CVE-2022-42121 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Layout Module |
|
| CVE-2022-42110 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the Announcements Module |
|
| CVE-2022-42112 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module |
|
| CVE-2022-42116 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS in the CKEditor Integration with the Frontend Editor Module |
|
| CVE-2022-42114 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the Role Module |
|
| CVE-2022-42117 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS in the Frontend Taglib Module |
|
| CVE-2022-28979 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS in the Portal Search Module |
|
| CVE-2022-38512 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Fails to Check Permissions in Translation Module |
|
| CVE-2022-28978 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS in the Site Module |
|
| CVE-2022-28980 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the filter_ Prefix |
|
| CVE-2021-33335 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Has Company Administrator Accounts Vulnerable to Takeovers |
|
| CVE-2021-33336 |
unknown |
— |
— |
4y ago |
Liferay Portal Journal Module and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) |
|
| CVE-2021-33338 |
unknown |
— |
— |
4y ago |
Liferay Portal Layout Module and Liferay DXP Exposes the Cross-Site Request Forgery (CSRF) Token in URLs |
|
| CVE-2021-33339 |
unknown |
— |
— |
4y ago |
Liferay Portal Fragment Module and Liferay DXP Vulnerable to Cross-Site Scripting |
|
| CVE-2021-33326 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Frontend JS module |
|
| CVE-2021-33323 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP autosaves form data for other users to see |
|
| CVE-2021-33324 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Don't Check Permissions of Pages |
|
| CVE-2021-33325 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Stores User Passwords in Cleartext |
|
| CVE-2021-33334 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Fails to Properly Check User Permissions |
|
| CVE-2021-33333 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Fails to Check User Permissions for Workflow Submissions |
|
| CVE-2021-33332 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) |
|
| CVE-2021-29048 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in the Layout Admin Page |
|
| CVE-2021-29046 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Asset Module Parameter |
|
| CVE-2021-29053 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to Multiple SQL Injections |
|
| CVE-2021-29051 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App |
|
| CVE-2021-29041 |
unknown |
— |
— |
4y ago |
Liferay DXP Vulnerable to Denial-of-service (DoS) in the Multi-Factor Authentication Module |
|
| CVE-2021-29047 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Fails to Invalidate CAPTCHA Answers After Use |
|
| CVE-2021-29040 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Reveals Data via Overly Verbose Error Messages |
|
| CVE-2020-15841 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Potentially Reveal LDAP Server Password via Unsafe Connection |
|
| CVE-2020-13444 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Fails to Sanitize API Data |
|
| CVE-2022-26597 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP allows arbitrary injection via the site name |
|
| CVE-2022-26595 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP fails to check permissions to view sites/groups |
|
| CVE-2022-26594 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP allows arbitrary injection via form field |
|
| CVE-2021-38266 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP fails to properly import users from LDAP |
|
| CVE-2021-38265 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) |
|
| CVE-2021-38263 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP cross-site scripting (XSS) vulnerability via the script console |
|
| CVE-2022-25146 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP fails to check origin of event messages |
|
| CVE-2021-38268 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP has incorrect default permissions for site members |
|
| CVE-2020-15839 |
unknown |
— |
— |
4y ago |
Unrestricted Upload of File with Dangerous Type in Liferay Portal and Liferay DXP |
|