VIR Vulnerability Intelligence Relay

Package impact

java Maven / com.liferay.portal:release.portal.bom

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2020-7934 unknown 1.0 4y ago Liferay Portal Vulnerable to Persistent Cross-Site Scripting (XSS) in MyAccountPortlet
CVE-2019-6588 unknown 1.0 4y ago Liferay Portal Allows Cross-Site Scripting (XSS) via the SimpleCaptcha API
CVE-2025-62264 unknown 7mo ago Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter
CVE-2025-62265 unknown 7mo ago Liferay Portal is vulnerable to XSS in the Blogs widget
CVE-2025-62266 unknown 7mo ago Liferay Portal is vulnerable to DNS rebinding attacks
CVE-2025-62257 unknown 7mo ago Liferay Portal vulnerable to password enumeration
CVE-2025-62260 unknown 7mo ago Liferay Portal Vulnerable to DoS via Crafted Headless API Request
CVE-2025-62259 unknown 7mo ago Liferay Portal Does Not Limit Access to APIs Before Email Verification
CVE-2025-62258 unknown 7mo ago Liferay Portal Vulnerable to CSRF in Headless APIs
CVE-2025-62261 unknown 7mo ago Liferay Portal Stores Password Reset Tokens in Plain Text
CVE-2025-43830 unknown 8mo ago Liferay Portal is vulnerable to Stored XSS through Forms text type field
CVE-2025-43822 unknown 8mo ago Liferay Portal has multiple Stored XSS vulnerabilities on its View Order page
CVE-2025-43823 unknown 8mo ago Liferay Portal is vulnerable to XSS through its Commerce Search Result widget
CVE-2025-43824 unknown 8mo ago Liferay Profile Widget does not prevent vCard extension spoofing
CVE-2025-43826 unknown 8mo ago Liferay Portal Vulnerable to XSS in Web Content translation
CVE-2025-43817 unknown 8mo ago Liferay Portal vulnerable to reflected cross-site scripting via the `redirect` parameter
CVE-2025-43813 unknown 8mo ago Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet
CVE-2025-43820 unknown 8mo ago Liferay Portal vulnerable to cross-site scripting in the Calendar widget
CVE-2025-43812 unknown 8mo ago Liferay Portal vulnerable to cross-site scripting in the web content template
CVE-2025-43799 unknown 9mo ago Liferay Portal Uses Default Password
CVE-2025-43785 unknown 9mo ago Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting
CVE-2025-43776 unknown 9mo ago Liferay Portal and Liferay DXP vulnerable to store Cross-site Scripting
CVE-2025-43760 unknown 10mo ago Liferay Portal Reflected Cross-Site Scripting Vulnerability via PortalUtil.escapeRedirect
CVE-2025-43752 unknown 10mo ago Liferay Portal's Unlimited File Upload Could Result in DoS
CVE-2025-43754 unknown 10mo ago Liferay Portal Username Enumeration Vulnerability
CVE-2025-43756 unknown 10mo ago Liferay Portal Reflected Cross-Site Scripting Vulnerability via snippet Parameter
CVE-2025-43757 unknown 10mo ago Liferay Portal Vulnerable to Cross-Site Scripting via DDMPortlet_definition Parameter
CVE-2025-43746 unknown 10mo ago Liferay Portal Vulnerable to Cross-Site Scripting in Dynamic Data Mapping
CVE-2025-43748 unknown 10mo ago Liferay Portal Vulnerable to Cross-Site Request Forgery
CVE-2025-43749 unknown 10mo ago Liferay Portal Unauthenticated File Access via URL
CVE-2025-43741 unknown 10mo ago Liferay Portal Vulnerable to Cross-Site Scripting via assetTagNames Parameter
CVE-2025-43744 unknown 10mo ago Liferay Portal Vulnerable to Cross-Site Scripting via DDM Structure Field Labels
CVE-2025-43743 unknown 10mo ago Liferay Portal Enumeration Discrepancy in Calendars
CVE-2025-43745 unknown 10mo ago Liferay Portal CSRF Vulnerability via Endpoint Parameter
CVE-2025-43731 unknown 10mo ago Liferay Portal Vulnerable to Cross-Site Scripting
CVE-2025-3639 unknown 10mo ago Liferay Portal Login Bypass Vulnerability
CVE-2025-43734 unknown 10mo ago Liferay Portal 7.4.0 and Liferay DXP have a reflected cross-site scripting (XSS) vulnerability
CVE-2025-43736 unknown 10mo ago Liferay Portal and Liferay DXP have a Denial Of Service via File Upload (DOS) vulnerability
CVE-2025-4581 unknown 10mo ago Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery
CVE-2025-3760 unknown 1y ago Liferay Cross-site Scripting vulnerability
CVE-2025-2565 unknown 1y ago Liferay Portal and Liferay DXP Reveals Data via Forms
CVE-2025-2536 unknown 1y ago Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)
CVE-2023-37940 unknown 2y ago Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page
CVE-2024-11993 unknown 2y ago Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
CVE-2024-26272 unknown 2y ago Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor
CVE-2024-26273 unknown 2y ago Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor
CVE-2024-8980 unknown 2y ago Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console
CVE-2024-26271 unknown 2y ago Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget
CVE-2024-38002 unknown 2y ago Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions
CVE-2023-47795 unknown 2y ago Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting
CVE-2024-25151 unknown 2y ago Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing
CVE-2024-25603 unknown 2y ago Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting
CVE-2024-26269 unknown 2y ago Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting
CVE-2024-26266 unknown 2y ago Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting
CVE-2023-42496 unknown 2y ago Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
CVE-2024-25152 unknown 2y ago Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting
CVE-2024-25602 unknown 2y ago Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting
CVE-2024-25147 unknown 2y ago Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
CVE-2023-40191 unknown 2y ago Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
CVE-2024-25601 unknown 2y ago Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting
CVE-2023-42498 unknown 2y ago Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting
CVE-2024-26268 unknown 2y ago Liferay Portal and Liferay DXP User Enumeration Vulnerability
CVE-2024-26270 unknown 2y ago Liferay Portal and Liferay DXP vulnerable to theft of hashed password
CVE-2024-25610 unknown 2y ago Liferay Portal has a Stored XSS with Blog entries (Insecure defaults)
CVE-2024-26265 unknown 2y ago Liferay Portal vulnerable to Denial of Service
CVE-2024-26267 unknown 2y ago Liferay Portal and Liferay DXP HTTP Header Can Expose Versions
CVE-2024-25609 unknown 2y ago Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes
CVE-2024-25608 unknown 2y ago Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character
CVE-2024-25607 unknown 2y ago Liferay Portal defaults to a low work factor for the default password hashing algorithm
CVE-2024-25604 unknown 2y ago Liferay Portal and Liferay DXP Allows Authenticated Users with View Permissions to Edit Permissions
CVE-2024-25605 unknown 2y ago Liferay Portal and Liferay DXP Allows Templates to be Viewed via the UI or API
CVE-2024-25606 unknown 2y ago Liferay Portal has an XXE vulnerability in Java2WsddTask._format
CVE-2024-25149 unknown 2y ago Liferay Portal and Liferay DXP Does Not Properly Restrict Membership to Child Site Based on Parent Site Options
CVE-2024-25150 unknown 2y ago Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel
CVE-2022-45320 unknown 2y ago Privilege escalation in Liferay Portal
CVE-2023-5190 unknown 2y ago Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page
CVE-2024-25144 unknown 2y ago Liferay Portal denial-of-service vulnerability
CVE-2024-25146 unknown 2y ago Liferay Portal allows attackers to discover the existence of sites
CVE-2024-25148 unknown 2y ago Liferay Portal vulnerable to user impersonation
CVE-2023-47798 unknown 2y ago Liferay Portal's account lockout does not invalidate existing user sessions
CVE-2024-25145 unknown 2y ago Liferay Portal stored cross-site scripting (XSS) vulnerability
CVE-2024-25143 unknown 2y ago Liferay Portal denial of service (memory consumption)
CVE-2023-47797 unknown 3y ago Liferay Portal XSS with `p_l_back_url_title` on edit content page
CVE-2023-35030 unknown 3y ago Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module
CVE-2023-3193 unknown 3y ago Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module
CVE-2023-33948 unknown 3y ago Missing authorization in Liferay portal
CVE-2023-33945 unknown 3y ago SQL injection in Liferay Portal
CVE-2023-33949 unknown 3y ago Insecure Default Initialization In Liferay Portal
CVE-2023-33950 unknown 3y ago Liferay Portal has Inefficient Regular Expression
CVE-2023-33946 unknown 3y ago Liferay portal unauthorized access to objects via OAuth 2 scope
CVE-2023-33947 unknown 3y ago Liferay portal has unauthorized access to object definition via search
CVE-2023-33944 unknown 3y ago Cross-site scripting in Liferay Portal
CVE-2023-33941 unknown 3y ago Cross-site scripting in Liferay Portal
CVE-2023-33937 unknown 3y ago Cross-site scripting in Liferay Portal
CVE-2023-33938 unknown 3y ago Cross-site scripting in Liferay Portal
CVE-2023-33942 unknown 3y ago Cross-site scripting in Liferay Portal
CVE-2023-33940 unknown 3y ago Cross-site scripting in Liferay Portal
CVE-2023-33943 unknown 3y ago Cross-site scripting in Liferay Portal
CVE-2023-33939 unknown 3y ago Cross-site scripting in Liferay Portal
CVE-2022-42129 unknown 4y ago Authorization Bypass in Liferay Portal