VIR Vulnerability Intelligence Relay

Package impact

java Maven / com.liferay.portal:release.portal.bom

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2017-12649 medium 6.1 6.1 9y ago Liferay Portal Vulnerable to XSS via Mishandled Title or Summary in the Web Content Display java
CVE-2017-12648 medium 6.1 6.1 9y ago Liferay Portal XSS Vulnerability java
CVE-2017-12647 medium 6.1 6.1 9y ago Liferay Portal Vulnerable to XSS via a Knowledge Base Article Title java
CVE-2017-12646 medium 6.1 6.1 9y ago Liferay Portal XSS Vulnerability java
CVE-2017-12645 medium 6.1 6.1 9y ago Liferay Portal Vulnerable to XSS via an Invalid portletId java
CVE-2016-10404 medium 6.1 6.1 9y ago Liferay Portal Vulnerable to XSS via a Crafted Redirect Field java
CVE-2025-4655 medium 5.0 5.0 10mo ago Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery java
CVE-2025-62264 unknown 7mo ago Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter java
CVE-2025-62265 unknown 7mo ago Liferay Portal is vulnerable to XSS in the Blogs widget java
CVE-2025-62266 unknown 7mo ago Liferay Portal is vulnerable to DNS rebinding attacks java
CVE-2025-62257 unknown 7mo ago Liferay Portal vulnerable to password enumeration java
CVE-2025-62259 unknown 7mo ago Liferay Portal Does Not Limit Access to APIs Before Email Verification java
CVE-2025-62258 unknown 7mo ago Liferay Portal Vulnerable to CSRF in Headless APIs java
CVE-2025-43830 unknown 8mo ago Liferay Portal is vulnerable to Stored XSS through Forms text type field java
CVE-2025-43822 unknown 8mo ago Liferay Portal has multiple Stored XSS vulnerabilities on its View Order page java
CVE-2025-43813 unknown 8mo ago Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet java
CVE-2025-43812 unknown 8mo ago Liferay Portal vulnerable to cross-site scripting in the web content template java
CVE-2025-43799 unknown 9mo ago Liferay Portal Uses Default Password java
CVE-2025-43785 unknown 9mo ago Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting java
CVE-2025-43760 unknown 9mo ago Liferay Portal Reflected Cross-Site Scripting Vulnerability via PortalUtil.escapeRedirect java
CVE-2025-43757 unknown 9mo ago Liferay Portal Vulnerable to Cross-Site Scripting via DDMPortlet_definition Parameter java
CVE-2025-43749 unknown 9mo ago Liferay Portal Unauthenticated File Access via URL java
CVE-2025-43741 unknown 9mo ago Liferay Portal Vulnerable to Cross-Site Scripting via assetTagNames Parameter java
CVE-2025-43743 unknown 9mo ago Liferay Portal Enumeration Discrepancy in Calendars java
CVE-2025-43745 unknown 9mo ago Liferay Portal CSRF Vulnerability via Endpoint Parameter java
CVE-2025-43731 unknown 9mo ago Liferay Portal Vulnerable to Cross-Site Scripting java
CVE-2025-3639 unknown 9mo ago Liferay Portal Login Bypass Vulnerability java
CVE-2025-43736 unknown 10mo ago Liferay Portal and Liferay DXP have a Denial Of Service via File Upload (DOS) vulnerability java
CVE-2025-4581 unknown 10mo ago Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery java
CVE-2025-2565 unknown 1y ago Liferay Portal and Liferay DXP Reveals Data via Forms java
CVE-2025-2536 unknown 1y ago Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) java
CVE-2024-11993 unknown 2y ago Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting java
CVE-2024-8980 unknown 2y ago Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console java
CVE-2024-26271 unknown 2y ago Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget java
CVE-2024-26273 unknown 2y ago Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor java
CVE-2024-38002 unknown 2y ago Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions java
CVE-2024-25151 unknown 2y ago Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing java
CVE-2024-25603 unknown 2y ago Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting java
CVE-2023-40191 unknown 2y ago Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting java
CVE-2024-25601 unknown 2y ago Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting java
CVE-2023-42498 unknown 2y ago Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting java
CVE-2023-42496 unknown 2y ago Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting java
CVE-2024-26267 unknown 2y ago Liferay Portal and Liferay DXP HTTP Header Can Expose Versions java
CVE-2024-26265 unknown 2y ago Liferay Portal vulnerable to Denial of Service java
CVE-2024-25608 unknown 2y ago Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character java
CVE-2024-25609 unknown 2y ago Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes java
CVE-2024-25607 unknown 2y ago Liferay Portal defaults to a low work factor for the default password hashing algorithm java
CVE-2024-25606 unknown 2y ago Liferay Portal has an XXE vulnerability in Java2WsddTask._format java
CVE-2024-25150 unknown 2y ago Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel java
CVE-2023-5190 unknown 2y ago Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page java
CVE-2023-47798 unknown 2y ago Liferay Portal's account lockout does not invalidate existing user sessions java
CVE-2024-25143 unknown 2y ago Liferay Portal denial of service (memory consumption) java
CVE-2024-25145 unknown 2y ago Liferay Portal stored cross-site scripting (XSS) vulnerability java
CVE-2023-33945 unknown 3y ago SQL injection in Liferay Portal java
CVE-2023-33946 unknown 3y ago Liferay portal unauthorized access to objects via OAuth 2 scope java
CVE-2023-33947 unknown 3y ago Liferay portal has unauthorized access to object definition via search java
CVE-2023-33950 unknown 3y ago Liferay Portal has Inefficient Regular Expression java
CVE-2023-33949 unknown 3y ago Insecure Default Initialization In Liferay Portal java
CVE-2023-33939 unknown 3y ago Cross-site scripting in Liferay Portal java
CVE-2022-42126 unknown 4y ago Missing permissions check in Liferay Portal java
CVE-2022-42122 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to SQL Injection via Friendly URL Module java
CVE-2022-42129 unknown 4y ago Authorization Bypass in Liferay Portal java
CVE-2022-42131 unknown 4y ago Improper Certificate Validation in Liferay Portal java
CVE-2022-42123 unknown 4y ago Path Traversal in Liferay Portal java
CVE-2022-42132 unknown 4y ago Liferay Portal and Liferay DXP Includes LDAP Credentials in the Page URL java
CVE-2022-42125 unknown 4y ago Path Traversal in Liferay Portal java
CVE-2022-42127 unknown 4y ago Incorrect Default Permissions in Liferay Portal java
CVE-2022-41414 unknown 4y ago Liferay Portal Insecure Default Configuration in auth.login.prompt.enabled java
CVE-2022-39975 unknown 4y ago Liferay Portal Missing Authorization vulnerability java
CVE-2021-33330 unknown 4y ago Exposure of Resource to Wrong Sphere in Liferay Portal java
CVE-2021-33335 unknown 4y ago Liferay Portal and Liferay DXP Has Company Administrator Accounts Vulnerable to Takeovers java
CVE-2021-33338 unknown 4y ago Liferay Portal Layout Module and Liferay DXP Exposes the Cross-Site Request Forgery (CSRF) Token in URLs java
CVE-2021-33336 unknown 4y ago Liferay Portal Journal Module and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) java
CVE-2021-33339 unknown 4y ago Liferay Portal Fragment Module and Liferay DXP Vulnerable to Cross-Site Scripting java
CVE-2021-35463 unknown 4y ago Liferay Portal cross-site scripting (XSS) vulnerability in the Frontend Taglib module java
CVE-2021-33325 unknown 4y ago Liferay Portal and Liferay DXP Stores User Passwords in Cleartext java
CVE-2021-33324 unknown 4y ago Liferay Portal and Liferay DXP Don't Check Permissions of Pages java
CVE-2021-33321 unknown 4y ago Liferay Portal and Liferay DXP insecure default configuration java
CVE-2021-33332 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) java
CVE-2021-33333 unknown 4y ago Liferay Portal and Liferay DXP Fails to Check User Permissions for Workflow Submissions java
CVE-2021-33334 unknown 4y ago Liferay Portal and Liferay DXP Fails to Properly Check User Permissions java
CVE-2021-29048 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in the Layout Admin Page java
CVE-2021-29053 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to Multiple SQL Injections java
CVE-2021-29046 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Asset Module Parameter java
CVE-2021-29051 unknown 4y ago Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App java
CVE-2021-29040 unknown 4y ago Liferay Portal and Liferay DXP Reveals Data via Overly Verbose Error Messages java
CVE-2021-29047 unknown 4y ago Liferay Portal and Liferay DXP Fails to Invalidate CAPTCHA Answers After Use java
CVE-2020-15841 unknown 4y ago Liferay Portal and Liferay DXP Potentially Reveal LDAP Server Password via Unsafe Connection java
CVE-2020-13444 unknown 4y ago Liferay Portal and Liferay DXP Fails to Sanitize API Data java
CVE-2020-7934 unknown 4y ago Liferay Portal Vulnerable to Persistent Cross-Site Scripting (XSS) in MyAccountPortlet java
CVE-2019-16891 unknown 4y ago Liferay Portal Allows RCE via Deserialization of a JSON Payload java
CVE-2019-6588 unknown 4y ago Liferay Portal Allows Cross-Site Scripting (XSS) via the SimpleCaptcha API java
CVE-2017-1000425 unknown 4y ago Liferay Portal XSS vulnerability via movie parameter in the /html/portal/flash.jsp page java
CVE-2022-26595 unknown 4y ago Liferay Portal and Liferay DXP fails to check permissions to view sites/groups java