| CVE-2025-62264 |
unknown |
— |
— |
7mo ago |
Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter |
|
| CVE-2025-62265 |
unknown |
— |
— |
7mo ago |
Liferay Portal is vulnerable to XSS in the Blogs widget |
|
| CVE-2025-43830 |
unknown |
— |
— |
8mo ago |
Liferay Portal is vulnerable to Stored XSS through Forms text type field |
|
| CVE-2025-43822 |
unknown |
— |
— |
8mo ago |
Liferay Portal has multiple Stored XSS vulnerabilities on its View Order page |
|
| CVE-2025-43813 |
unknown |
— |
— |
8mo ago |
Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet |
|
| CVE-2025-43799 |
unknown |
— |
— |
8mo ago |
Liferay Portal Uses Default Password |
|
| CVE-2025-43785 |
unknown |
— |
— |
9mo ago |
Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting |
|
| CVE-2025-43757 |
unknown |
— |
— |
9mo ago |
Liferay Portal Vulnerable to Cross-Site Scripting via DDMPortlet_definition Parameter |
|
| CVE-2025-43749 |
unknown |
— |
— |
9mo ago |
Liferay Portal Unauthenticated File Access via URL |
|
| CVE-2025-43745 |
unknown |
— |
— |
9mo ago |
Liferay Portal CSRF Vulnerability via Endpoint Parameter |
|
| CVE-2025-43731 |
unknown |
— |
— |
9mo ago |
Liferay Portal Vulnerable to Cross-Site Scripting |
|
| CVE-2025-4581 |
unknown |
— |
— |
10mo ago |
Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery |
|
| CVE-2024-11993 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting |
|
| CVE-2024-38002 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions |
|
| CVE-2024-26271 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget |
|
| CVE-2024-25603 |
unknown |
— |
— |
2y ago |
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting |
|
| CVE-2023-40191 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting |
|
| CVE-2023-42496 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting |
|
| CVE-2023-42498 |
unknown |
— |
— |
2y ago |
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting |
|
| CVE-2024-26265 |
unknown |
— |
— |
2y ago |
Liferay Portal vulnerable to Denial of Service |
|
| CVE-2024-26267 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP HTTP Header Can Expose Versions |
|
| CVE-2024-25609 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes |
|
| CVE-2024-25607 |
unknown |
— |
— |
2y ago |
Liferay Portal defaults to a low work factor for the default password hashing algorithm |
|
| CVE-2024-25608 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character |
|
| CVE-2024-25150 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel |
|
| CVE-2023-47798 |
unknown |
— |
— |
2y ago |
Liferay Portal's account lockout does not invalidate existing user sessions |
|
| CVE-2023-33947 |
unknown |
— |
— |
3y ago |
Liferay portal has unauthorized access to object definition via search |
|
| CVE-2023-33946 |
unknown |
— |
— |
3y ago |
Liferay portal unauthorized access to objects via OAuth 2 scope |
|
| CVE-2023-33939 |
unknown |
— |
— |
3y ago |
Cross-site scripting in Liferay Portal |
|
| CVE-2022-42127 |
unknown |
— |
— |
4y ago |
Incorrect Default Permissions in Liferay Portal |
|
| CVE-2022-42126 |
unknown |
— |
— |
4y ago |
Missing permissions check in Liferay Portal |
|
| CVE-2022-39975 |
unknown |
— |
— |
4y ago |
Liferay Portal Missing Authorization vulnerability |
|
| CVE-2021-33330 |
unknown |
— |
— |
4y ago |
Exposure of Resource to Wrong Sphere in Liferay Portal |
|
| CVE-2021-33335 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Has Company Administrator Accounts Vulnerable to Takeovers |
|
| CVE-2021-33339 |
unknown |
— |
— |
4y ago |
Liferay Portal Fragment Module and Liferay DXP Vulnerable to Cross-Site Scripting |
|
| CVE-2021-33338 |
unknown |
— |
— |
4y ago |
Liferay Portal Layout Module and Liferay DXP Exposes the Cross-Site Request Forgery (CSRF) Token in URLs |
|
| CVE-2021-33325 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Stores User Passwords in Cleartext |
|
| CVE-2021-33324 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Don't Check Permissions of Pages |
|
| CVE-2021-29048 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in the Layout Admin Page |
|
| CVE-2020-15841 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Potentially Reveal LDAP Server Password via Unsafe Connection |
|
| CVE-2019-16891 |
unknown |
— |
— |
4y ago |
Liferay Portal Allows RCE via Deserialization of a JSON Payload |
|
| CVE-2017-1000425 |
unknown |
— |
— |
4y ago |
Liferay Portal XSS vulnerability via movie parameter in the /html/portal/flash.jsp page |
|
| CVE-2022-26595 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP fails to check permissions to view sites/groups |
|