Browse Security Advisories
Security Advisories for com.liferay.portal:release.dxp.bom in maven Clear Filters
Moderate
over 3 years ago
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 3 years ago
Liferay Portal and Liferay DXP Fails to Check Permissions
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
over 3 years ago
Liferay Portal and Liferay DXP Fails to Invalidate CAPTCHA Answers After Use
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 3 years ago
Liferay Portal and Liferay DXP Reveals Data via Overly Verbose Error Messages
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 3 years ago
Liferay DXP Vulnerable to Denial-of-service (DoS) in the Multi-Factor Authentication Module
maven
com.liferay.portal:release.dxp.bom
Moderate
over 3 years ago
Liferay Portal and Liferay DXP Bypass via Double Encoded URL
maven
com.liferay.portal:com.liferay.portal.impl, com.liferay.portal:release.portal.bom, com.liferay.portal:release.dxp.bom
High
over 3 years ago
Liferay Portal and Liferay DXP have Insecure Deserialization Vulnerability
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
over 3 years ago
Liferay Portal and Liferay DXP Potentially Reveal LDAP Server Password via Unsafe Connection
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 3 years ago
Liferay Portal and Liferay DXP Fails to Sanitize API Data
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
over 3 years ago
Liferay Portal and Liferay DXP Vulnerable to Arbitrary Code Execution
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 3 years ago
Liferay Portal and Liferay DXP allows arbitrary injection via web content template names
maven
com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.journal.content.web
Moderate
over 3 years ago
Liferay Portal and Liferay DXP allows arbitrary injection via the site name
maven
com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.layout.seo.web
Moderate
over 3 years ago
Liferay Portal and Liferay DXP allows arbitrary injection via the name of an asset category
maven
com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.asset.taglib
Moderate
over 3 years ago
Liferay Portal and Liferay DXP fails to check permissions to view sites/groups
maven
com.liferay.portal:com.liferay.portal.impl, com.liferay:com.liferay.site.browser.web, com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 3 years ago
Liferay Portal and Liferay DXP allows arbitrary injection via form field
maven
com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.dynamic.data.mapping.form.field.type
High
over 3 years ago
Liferay Portal and Liferay DXP fails to properly import users from LDAP
maven
com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.portal.security.ldap.impl
Moderate
over 3 years ago
Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in the Gogo Shell module
maven
com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.gogo.shell.web
Moderate
over 3 years ago
Liferay Portal and Liferay DXP cross-site scripting (XSS) vulnerability via the script console
maven
com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.server.admin.web
Moderate
over 3 years ago
Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS)
maven
com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.layout.admin.web
Moderate
over 3 years ago
Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in edit blog entry page
maven
com.liferay:com.liferay.frontend.js.web, com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 3 years ago
Liferay Portal and Liferay DXP fails to check origin of event messages
maven
com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.remote.app.web
Moderate
over 3 years ago
Liferay Portal and Liferay DXP has incorrect default permissions for site members
maven
com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.dynamic.data.mapping.service
Moderate
over 3 years ago
Unrestricted Upload of File with Dangerous Type in Liferay Portal and Liferay DXP
maven
com.liferay.portal:release.dxp.bom
Filter by Severity
Filter by Ecosystem
maven
6,817
packagist
5,401
pypi
4,914
npm
4,268
go
2,906
nuget
1,870
cargo
1,082
rubygems
929
hex
37
swift
36
actions
36
pub
10
Filter by Package
org.jenkins-ci.main:jenkins-core
239
com.liferay.portal:release.portal.bom
139
org.apache.tomcat:tomcat
136
com.liferay.portal:release.dxp.bom
123
com.fasterxml.jackson.core:jackson-databind
69
org.apache.struts:struts2-core
57
org.keycloak:keycloak-core
50
org.apache.tomcat.embed:tomcat-embed-core
48
org.xwiki.platform:xwiki-platform-oldcore
43
org.keycloak:keycloak-services
42
org.elasticsearch:elasticsearch
41
com.thoughtworks.xstream:xstream
37
net.mingsoft:ms-mcms
36
com.jfinal:jfinal
36
io.undertow:undertow-core
35
org.jenkins-ci.plugins:script-security
34
org.apache.solr:solr-core
28
org.opencms:opencms-core
27
org.springframework.security:spring-security-core
26
org.eclipse.jetty:jetty-server
25
org.keycloak:keycloak-parent
24
org.bouncycastle:bcprov-jdk14
23
org.apache.tomcat:tomcat-catalina
23
org.apache.openmeetings:openmeetings-parent
22
org.apache.nifi:nifi
21
org.cloudfoundry.identity:cloudfoundry-identity-server
20
org.xwiki.platform:xwiki-platform-web-templates
20
org.apache.tomcat:tomcat-coyote
20
com.vaadin:vaadin-bom
18
org.apache.jspwiki:jspwiki-main
18
org.apache.inlong:manager-pojo
17
org.springframework:spring-core
17
org.apache.geode:geode-core
17
org.bouncycastle:bcprov-jdk15
16
org.apache.dubbo:dubbo
16
org.apache.activemq:activemq-client
16
org.apache.ranger:ranger
16
org.apache.struts.xwork:xwork-core
15
org.xwiki.platform:xwiki-platform-web
14
org.apache.hadoop:hadoop-main
13
org.jenkins-ci.plugins.workflow:workflow-cps
13
org.apache.cxf:cxf-core
13
org.apache.dolphinscheduler:dolphinscheduler
13
org.springframework:spring-webmvc
13
org.jenkins-ci.plugins:git
12
org.jeecgframework.boot:jeecg-boot-parent
12
org.apache.cxf:cxf
12
com.vaadin:flow-server
12
org.bouncycastle:bcprov-jdk15on
12
org.springframework:spring-web
12
org.graylog2:graylog2-server
12
org.apache.hadoop:hadoop-common
12
org.apache.tika:tika-core
12
com.xuxueli:xxl-job
11
org.igniterealtime.openfire:parent
11
org.apache.james:james-server
11
org.geoserver.web:gs-web-app
11
org.apache.camel:camel-core
11
ai.h2o:h2o-core
11
org.mortbay.jetty:jetty
11
org.apache.commons:commons-compress
11
org.apache.archiva:archiva
11
org.apache.jspwiki:jspwiki-war
11
org.xwiki.platform:xwiki-platform-administration-ui
11
org.jenkins-ci.plugins:email-ext
11
org.apache.hive:hive-exec
10
io.netty:netty
10
h2o
10
org.apache.inlong:manager-service
10
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
10
org.opensearch.plugin:opensearch-security
10
org.jboss.netty:netty
10
org.apache.kylin:kylin
10
org.bouncycastle:bcprov-jdk15to18
10
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
10
org.craftercms:crafter-studio
10
cn.hutool:hutool-core
9
bootstrap
9
twbs/bootstrap
9
org.apache.cassandra:cassandra-all
9
org.apache.tapestry:tapestry-core
9
org.apache.hive:hive
9
bootstrap
9
org.jenkins-ci.plugins:active-directory
9
mysql:mysql-connector-java
9
bootstrap
9
pyspark
9
org.jenkins-ci.plugins:electricflow
9
org.jenkins-ci.plugins:config-file-provider
9
org.opencrx:opencrx-core-models
9
org.apache.linkis:linkis
9
org.apache.xmlgraphics:batik
9
org.webjars:bootstrap
9
org.apache.shiro:shiro-core
9
io.jenkins:configuration-as-code
9
org.opennms:opennms
9
org.postgresql:postgresql
9
org.apache.hive:hive-service
8
org.apache.ambari:ambari
8
org.xwiki.platform:xwiki-platform-rest-server
8
org.jenkins-ci.plugins:ec2
8
org.apache.ozone:ozone-main
8
org.silverpeas.core:silverpeas-core-web
8
org.jenkins-ci.plugins:oic-auth
8
org.apache.streampark:streampark
8
org.jeecgframework.boot:jeecg-boot-common
8
com.liferay.portal:com.liferay.portal.impl
8
org.webjars.npm:jquery
8
jquery
8
org.apache.pdfbox:pdfbox
8
org.apache.santuario:xmlsec
8
io.jenkins.blueocean:blueocean
8
com.hazelcast:hazelcast
8
org.bouncycastle:bc-fips
8
com.ruoyi:ruoyi
8
org.apache.zeppelin:zeppelin
8
org.yaml:snakeyaml
8
jquery-rails
8
org.jenkins-ci.plugins:subversion
8
org.apache.druid:druid
7
net.opentsdb:opentsdb
7
io.netty:netty-handler
7
io.jenkins.plugins:miniorange-saml-sp
7
org.apache.spark:spark-core_2.11
7
jquery-ui
7
org.webjars.npm:jquery-ui
7
rubygems-update
7
io.atomix:atomix
7
bootstrap.sass
7
jquery-ui-rails
7
commons-fileupload:commons-fileupload
7
org.jenkins-ci.plugins:openshift-deployer
7
org.apache.logging.log4j:log4j-core
7
org.owasp.esapi:esapi
7
org.jboss.resteasy:resteasy-client
7
org.apache.atlas:atlas-common
7
org.apache.karaf:apache-karaf
7
org.owasp.antisamy:antisamy
7
org.jeecgframework.boot:jeecg-boot-base
7
io.dataease:dataease-plugin-common
7
org.apache.cxf:apache-cxf
7
org.apache.poi:poi
7
org.apache.inlong:manager-web
7
org.jruby:jruby-stdlib
7
org.bouncycastle:bcprov-jdk18on
7
org.apache.activemq:activemq-parent
7
org.jenkins-ci.plugins:artifactory
7
org.jenkins-ci.plugins:rundeck
7
io.jenkins.plugins:warnings-ng
7
org.opencastproject:opencast-kernel
7
bootstrap-sass
7
jQuery.UI.Combined
7
org.jenkins-ci.plugins:jobConfigHistory
7
org.apache.wicket:wicket-core
7
org.jenkins-ci.plugins:mercurial
7
org.apache.derby:derby
7
jQuery
7
io.jenkins.plugins:cavisson-ns-nd-integration
7
org.keycloak:keycloak-quarkus-server
6
de.tum.in.ase:artemis-java-test-sandbox
6
com.jflyfox:jflyfox_jfinal
6
com.xebialabs.deployit.ci:deployit-plugin
6
org.apache.ignite:ignite-core
6
hudson.plugins:project-inheritance
6
org.apache.solr:solr-parent
6
cn.hutool:hutool-json
6
org.xwiki.commons:xwiki-commons-xml
6
org.apache.httpcomponents:httpclient
6
org.apache.axis:axis
6
org.wildfly:wildfly-parent
6
org.apache.shenyu:shenyu-common
6
org.apache.zookeeper:zookeeper
6
org.geoserver:gs-wms
6
org.jenkins-ci.plugins:pipeline-maven
6
com.xuxueli:xxl-job-core
6
org.csanchez.jenkins.plugins:kubernetes
6
org.jenkins-ci.plugins:htmlpublisher
6
org.jenkins-ci.plugins:ec2-deployment-dashboard
6
org.jenkins-ci.plugins:fortify-on-demand-uploader
6
org.jenkins-ci.plugins:azure-vm-agents
6
org.jenkins-ci.plugins:repository-connector
6
org.infinispan:infinispan-core
6
org.jenkins-ci.plugins:ghprb
6
org.apache.spark:spark-core_2.10
6
org.apache.syncope:syncope-core
6
com.nimbusds:nimbus-jose-jwt
6
bootstrap-sass
6
io.netty:netty-codec-http
6
org.apache.tika:tika
6
org.apache.struts:struts2-rest-plugin
6
org.apache.pulsar:pulsar-broker
6
org.silverpeas.core:silverpeas-core
6
org.apache.mesos:mesos
6
org.apache.storm:storm-core
6
apache-iotdb
6
org.jenkins-ci.plugins:gitlab-plugin
6
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
6
org.apache.kafka:kafka
6
org.jenkins-ci.plugins:credentials-binding
6
ch.qos.logback:logback-core
6