| CVE-2025-62264 |
unknown |
— |
— |
7mo ago |
Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter |
|
| CVE-2025-62265 |
unknown |
— |
— |
7mo ago |
Liferay Portal is vulnerable to XSS in the Blogs widget |
|
| CVE-2025-43830 |
unknown |
— |
— |
8mo ago |
Liferay Portal is vulnerable to Stored XSS through Forms text type field |
|
| CVE-2025-43822 |
unknown |
— |
— |
8mo ago |
Liferay Portal has multiple Stored XSS vulnerabilities on its View Order page |
|
| CVE-2025-43813 |
unknown |
— |
— |
8mo ago |
Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet |
|
| CVE-2025-43799 |
unknown |
— |
— |
8mo ago |
Liferay Portal Uses Default Password |
|
| CVE-2025-43731 |
unknown |
— |
— |
9mo ago |
Liferay Portal Vulnerable to Cross-Site Scripting |
|
| CVE-2024-11993 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting |
|
| CVE-2024-38002 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions |
|
| CVE-2024-25603 |
unknown |
— |
— |
2y ago |
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting |
|
| CVE-2023-40191 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting |
|
| CVE-2023-42496 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting |
|
| CVE-2024-26265 |
unknown |
— |
— |
2y ago |
Liferay Portal vulnerable to Denial of Service |
|
| CVE-2024-26267 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP HTTP Header Can Expose Versions |
|
| CVE-2024-25607 |
unknown |
— |
— |
2y ago |
Liferay Portal defaults to a low work factor for the default password hashing algorithm |
|
| CVE-2024-25608 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character |
|
| CVE-2024-25609 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes |
|
| CVE-2024-25150 |
unknown |
— |
— |
2y ago |
Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel |
|
| CVE-2023-47798 |
unknown |
— |
— |
2y ago |
Liferay Portal's account lockout does not invalidate existing user sessions |
|
| CVE-2023-33946 |
unknown |
— |
— |
3y ago |
Liferay portal unauthorized access to objects via OAuth 2 scope |
|
| CVE-2023-33939 |
unknown |
— |
— |
3y ago |
Cross-site scripting in Liferay Portal |
|
| CVE-2021-33338 |
unknown |
— |
— |
4y ago |
Liferay Portal Layout Module and Liferay DXP Exposes the Cross-Site Request Forgery (CSRF) Token in URLs |
|
| CVE-2021-33324 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Don't Check Permissions of Pages |
|
| CVE-2021-29048 |
unknown |
— |
— |
4y ago |
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in the Layout Admin Page |
|
| CVE-2019-16891 |
unknown |
— |
— |
4y ago |
Liferay Portal Allows RCE via Deserialization of a JSON Payload |
|
| CVE-2017-1000425 |
unknown |
— |
— |
4y ago |
Liferay Portal XSS vulnerability via movie parameter in the /html/portal/flash.jsp page |
|