| CVE-2017-12649 |
medium |
6.1 |
6.1 |
9y ago |
Liferay Portal Vulnerable to XSS via Mishandled Title or Summary in the Web Content Display |
|
| CVE-2017-12648 |
medium |
6.1 |
6.1 |
9y ago |
Liferay Portal XSS Vulnerability |
|
| CVE-2017-12647 |
medium |
6.1 |
6.1 |
9y ago |
Liferay Portal Vulnerable to XSS via a Knowledge Base Article Title |
|
| CVE-2017-12646 |
medium |
6.1 |
6.1 |
9y ago |
Liferay Portal XSS Vulnerability |
|
| CVE-2017-12645 |
medium |
6.1 |
6.1 |
9y ago |
Liferay Portal Vulnerable to XSS via an Invalid portletId |
|
| CVE-2016-10404 |
medium |
6.1 |
6.1 |
9y ago |
Liferay Portal Vulnerable to XSS via a Crafted Redirect Field |
|
| CVE-2025-4655 |
medium |
5.0 |
5.0 |
10mo ago |
Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery |
|
| CVE-2025-62264 |
unknown |
— |
— |
7mo ago |
Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter |
|
| CVE-2025-43813 |
unknown |
— |
— |
8mo ago |
Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet |
|
| CVE-2024-26265 |
unknown |
— |
— |
2y ago |
Liferay Portal vulnerable to Denial of Service |
|
| CVE-2024-26267 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP HTTP Header Can Expose Versions |
|
| CVE-2023-47798 |
unknown |
— |
— |
2y ago |
Liferay Portal's account lockout does not invalidate existing user sessions |
|
| CVE-2023-33946 |
unknown |
— |
— |
3y ago |
Liferay portal unauthorized access to objects via OAuth 2 scope |
|
| CVE-2017-1000425 |
unknown |
— |
— |
4y ago |
Liferay Portal XSS vulnerability via movie parameter in the /html/portal/flash.jsp page |
|