| CVE-2017-12649 |
medium |
6.1 |
6.1 |
9y ago |
Liferay Portal Vulnerable to XSS via Mishandled Title or Summary in the Web Content Display |
|
| CVE-2017-12648 |
medium |
6.1 |
6.1 |
9y ago |
Liferay Portal XSS Vulnerability |
|
| CVE-2017-12647 |
medium |
6.1 |
6.1 |
9y ago |
Liferay Portal Vulnerable to XSS via a Knowledge Base Article Title |
|
| CVE-2017-12646 |
medium |
6.1 |
6.1 |
9y ago |
Liferay Portal XSS Vulnerability |
|
| CVE-2017-12645 |
medium |
6.1 |
6.1 |
9y ago |
Liferay Portal Vulnerable to XSS via an Invalid portletId |
|
| CVE-2016-10404 |
medium |
6.1 |
6.1 |
9y ago |
Liferay Portal Vulnerable to XSS via a Crafted Redirect Field |
|
| CVE-2025-4655 |
medium |
5.0 |
5.0 |
10mo ago |
Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery |
|
| CVE-2025-62264 |
unknown |
— |
— |
7mo ago |
Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter |
|
| CVE-2025-62265 |
unknown |
— |
— |
7mo ago |
Liferay Portal is vulnerable to XSS in the Blogs widget |
|
| CVE-2025-62266 |
unknown |
— |
— |
7mo ago |
Liferay Portal is vulnerable to DNS rebinding attacks |
|
| CVE-2025-62257 |
unknown |
— |
— |
7mo ago |
Liferay Portal vulnerable to password enumeration |
|
| CVE-2025-62259 |
unknown |
— |
— |
7mo ago |
Liferay Portal Does Not Limit Access to APIs Before Email Verification |
|
| CVE-2025-62258 |
unknown |
— |
— |
7mo ago |
Liferay Portal Vulnerable to CSRF in Headless APIs |
|
| CVE-2025-62260 |
unknown |
— |
— |
7mo ago |
Liferay Portal Vulnerable to DoS via Crafted Headless API Request |
|
| CVE-2025-62261 |
unknown |
— |
— |
7mo ago |
Liferay Portal Stores Password Reset Tokens in Plain Text |
|
| CVE-2025-43830 |
unknown |
— |
— |
8mo ago |
Liferay Portal is vulnerable to Stored XSS through Forms text type field |
|
| CVE-2025-43823 |
unknown |
— |
— |
8mo ago |
Liferay Portal is vulnerable to XSS through its Commerce Search Result widget |
|
| CVE-2025-43822 |
unknown |
— |
— |
8mo ago |
Liferay Portal has multiple Stored XSS vulnerabilities on its View Order page |
|
| CVE-2025-43824 |
unknown |
— |
— |
8mo ago |
Liferay Profile Widget does not prevent vCard extension spoofing |
|
| CVE-2025-43826 |
unknown |
— |
— |
8mo ago |
Liferay Portal Vulnerable to XSS in Web Content translation |
|
| CVE-2025-43813 |
unknown |
— |
— |
8mo ago |
Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet |
|
| CVE-2025-43820 |
unknown |
— |
— |
8mo ago |
Liferay Portal vulnerable to cross-site scripting in the Calendar widget |
|
| CVE-2025-43817 |
unknown |
— |
— |
8mo ago |
Liferay Portal vulnerable to reflected cross-site scripting via the `redirect` parameter |
|
| CVE-2025-43812 |
unknown |
— |
— |
8mo ago |
Liferay Portal vulnerable to cross-site scripting in the web content template |
|
| CVE-2025-43799 |
unknown |
— |
— |
8mo ago |
Liferay Portal Uses Default Password |
|
| CVE-2025-43785 |
unknown |
— |
— |
9mo ago |
Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting |
|
| CVE-2025-43776 |
unknown |
— |
— |
9mo ago |
Liferay Portal and Liferay DXP vulnerable to store Cross-site Scripting |
|
| CVE-2025-43760 |
unknown |
— |
— |
9mo ago |
Liferay Portal Reflected Cross-Site Scripting Vulnerability via PortalUtil.escapeRedirect |
|
| CVE-2025-43752 |
unknown |
— |
— |
9mo ago |
Liferay Portal's Unlimited File Upload Could Result in DoS |
|
| CVE-2025-43754 |
unknown |
— |
— |
9mo ago |
Liferay Portal Username Enumeration Vulnerability |
|
| CVE-2025-43756 |
unknown |
— |
— |
9mo ago |
Liferay Portal Reflected Cross-Site Scripting Vulnerability via snippet Parameter |
|
| CVE-2025-43746 |
unknown |
— |
— |
9mo ago |
Liferay Portal Vulnerable to Cross-Site Scripting in Dynamic Data Mapping |
|
| CVE-2025-43757 |
unknown |
— |
— |
9mo ago |
Liferay Portal Vulnerable to Cross-Site Scripting via DDMPortlet_definition Parameter |
|
| CVE-2025-43748 |
unknown |
— |
— |
9mo ago |
Liferay Portal Vulnerable to Cross-Site Request Forgery |
|
| CVE-2025-43749 |
unknown |
— |
— |
9mo ago |
Liferay Portal Unauthenticated File Access via URL |
|
| CVE-2025-43741 |
unknown |
— |
— |
9mo ago |
Liferay Portal Vulnerable to Cross-Site Scripting via assetTagNames Parameter |
|
| CVE-2025-43743 |
unknown |
— |
— |
9mo ago |
Liferay Portal Enumeration Discrepancy in Calendars |
|
| CVE-2025-43744 |
unknown |
— |
— |
9mo ago |
Liferay Portal Vulnerable to Cross-Site Scripting via DDM Structure Field Labels |
|
| CVE-2025-43745 |
unknown |
— |
— |
9mo ago |
Liferay Portal CSRF Vulnerability via Endpoint Parameter |
|
| CVE-2025-43740 |
unknown |
— |
— |
9mo ago |
Liferay Portal has Stored Cross-Site Scripting Vulnerability via Message Boards Feature |
|
| CVE-2025-43731 |
unknown |
— |
— |
9mo ago |
Liferay Portal Vulnerable to Cross-Site Scripting |
|
| CVE-2025-3639 |
unknown |
— |
— |
9mo ago |
Liferay Portal Login Bypass Vulnerability |
|
| CVE-2025-43734 |
unknown |
— |
— |
10mo ago |
Liferay Portal 7.4.0 and Liferay DXP have a reflected cross-site scripting (XSS) vulnerability |
|
| CVE-2025-43735 |
unknown |
— |
— |
10mo ago |
Liferay Portal and Liferay DXP have a reflected cross-site scripting vulnerability |
|
| CVE-2025-43736 |
unknown |
— |
— |
10mo ago |
Liferay Portal and Liferay DXP have a Denial Of Service via File Upload (DOS) vulnerability |
|
| CVE-2025-4581 |
unknown |
— |
— |
10mo ago |
Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery |
|
| CVE-2025-3760 |
unknown |
— |
— |
1y ago |
Liferay Cross-site Scripting vulnerability |
|
| CVE-2025-2565 |
unknown |
— |
— |
1y ago |
Liferay Portal and Liferay DXP Reveals Data via Forms |
|
| CVE-2025-2536 |
unknown |
— |
— |
1y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) |
|
| CVE-2023-37940 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page |
|
| CVE-2024-11993 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting |
|
| CVE-2024-8980 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console |
|
| CVE-2024-38002 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions |
|
| CVE-2024-26273 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor |
|
| CVE-2024-26272 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor |
|
| CVE-2024-26271 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget |
|
| CVE-2023-47795 |
unknown |
— |
— |
2y ago |
Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting |
|
| CVE-2024-25151 |
unknown |
— |
— |
2y ago |
Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing |
|
| CVE-2024-26269 |
unknown |
— |
— |
2y ago |
Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting |
|
| CVE-2024-26266 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting |
|
| CVE-2024-25603 |
unknown |
— |
— |
2y ago |
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting |
|
| CVE-2023-40191 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting |
|
| CVE-2024-25602 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting |
|
| CVE-2024-25601 |
unknown |
— |
— |
2y ago |
Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting |
|
| CVE-2024-25152 |
unknown |
— |
— |
2y ago |
Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting |
|
| CVE-2024-25147 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting |
|
| CVE-2023-42498 |
unknown |
— |
— |
2y ago |
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting |
|
| CVE-2023-42496 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting |
|
| CVE-2024-26268 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP User Enumeration Vulnerability |
|
| CVE-2024-26270 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to theft of hashed password |
|
| CVE-2024-26267 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP HTTP Header Can Expose Versions |
|
| CVE-2024-26265 |
unknown |
— |
— |
2y ago |
Liferay Portal vulnerable to Denial of Service |
|
| CVE-2024-25610 |
unknown |
— |
— |
2y ago |
Liferay Portal has a Stored XSS with Blog entries (Insecure defaults) |
|
| CVE-2024-25608 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character |
|
| CVE-2024-25607 |
unknown |
— |
— |
2y ago |
Liferay Portal defaults to a low work factor for the default password hashing algorithm |
|
| CVE-2024-25609 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes |
|
| CVE-2024-25604 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Allows Authenticated Users with View Permissions to Edit Permissions |
|
| CVE-2024-25605 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Allows Templates to be Viewed via the UI or API |
|
| CVE-2024-25606 |
unknown |
— |
— |
2y ago |
Liferay Portal has an XXE vulnerability in Java2WsddTask._format |
|
| CVE-2024-25149 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Does Not Properly Restrict Membership to Child Site Based on Parent Site Options |
|
| CVE-2024-25150 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel |
|
| CVE-2023-5190 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page |
|
| CVE-2022-45320 |
unknown |
— |
— |
2y ago |
Privilege escalation in Liferay Portal |
|
| CVE-2024-25148 |
unknown |
— |
— |
2y ago |
Liferay Portal vulnerable to user impersonation |
|
| CVE-2024-25144 |
unknown |
— |
— |
2y ago |
Liferay Portal denial-of-service vulnerability |
|
| CVE-2024-25146 |
unknown |
— |
— |
2y ago |
Liferay Portal allows attackers to discover the existence of sites |
|
| CVE-2023-47798 |
unknown |
— |
— |
2y ago |
Liferay Portal's account lockout does not invalidate existing user sessions |
|
| CVE-2024-25143 |
unknown |
— |
— |
2y ago |
Liferay Portal denial of service (memory consumption) |
|
| CVE-2024-25145 |
unknown |
— |
— |
2y ago |
Liferay Portal stored cross-site scripting (XSS) vulnerability |
|
| CVE-2023-47797 |
unknown |
— |
— |
3y ago |
Liferay Portal XSS with `p_l_back_url_title` on edit content page |
|
| CVE-2023-35029 |
unknown |
— |
— |
3y ago |
Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module |
|
| CVE-2023-35030 |
unknown |
— |
— |
3y ago |
Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module |
|
| CVE-2023-3193 |
unknown |
— |
— |
3y ago |
Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module |
|
| CVE-2023-33950 |
unknown |
— |
— |
3y ago |
Liferay Portal has Inefficient Regular Expression |
|
| CVE-2023-33949 |
unknown |
— |
— |
3y ago |
Insecure Default Initialization In Liferay Portal |
|
| CVE-2023-33948 |
unknown |
— |
— |
3y ago |
Missing authorization in Liferay portal |
|
| CVE-2023-33947 |
unknown |
— |
— |
3y ago |
Liferay portal has unauthorized access to object definition via search |
|
| CVE-2023-33946 |
unknown |
— |
— |
3y ago |
Liferay portal unauthorized access to objects via OAuth 2 scope |
|
| CVE-2023-33945 |
unknown |
— |
— |
3y ago |
SQL injection in Liferay Portal |
|
| CVE-2023-33944 |
unknown |
— |
— |
3y ago |
Cross-site scripting in Liferay Portal |
|