| CVE-2025-62264 |
unknown |
— |
— |
7mo ago |
Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter |
|
| CVE-2025-43830 |
unknown |
— |
— |
8mo ago |
Liferay Portal is vulnerable to Stored XSS through Forms text type field |
|
| CVE-2025-43813 |
unknown |
— |
— |
8mo ago |
Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet |
|
| CVE-2025-43731 |
unknown |
— |
— |
9mo ago |
Liferay Portal Vulnerable to Cross-Site Scripting |
|
| CVE-2024-38002 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions |
|
| CVE-2024-26267 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP HTTP Header Can Expose Versions |
|
| CVE-2024-26265 |
unknown |
— |
— |
2y ago |
Liferay Portal vulnerable to Denial of Service |
|
| CVE-2023-47798 |
unknown |
— |
— |
2y ago |
Liferay Portal's account lockout does not invalidate existing user sessions |
|
| CVE-2023-33946 |
unknown |
— |
— |
3y ago |
Liferay portal unauthorized access to objects via OAuth 2 scope |
|
| CVE-2019-16891 |
unknown |
— |
— |
4y ago |
Liferay Portal Allows RCE via Deserialization of a JSON Payload |
|
| CVE-2017-1000425 |
unknown |
— |
— |
4y ago |
Liferay Portal XSS vulnerability via movie parameter in the /html/portal/flash.jsp page |
|