An open API service providing security vulnerability metadata for many open source software ecosystems.

Browse Security Advisories

Security Advisories for com.liferay.portal:release.portal.bom in maven Clear Filters

Moderate
3 months ago

Liferay Cross-site Scripting vulnerability GSA_kwCzR0hTQS1xaHA2LXZwN2MtZzd4cM4ABG8e

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
4 months ago

Liferay Portal and Liferay DXP Reveals Data via Forms GSA_kwCzR0hTQS05ZmNnLXdycDgtcWhyNM4ABFwV

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
4 months ago

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) GSA_kwCzR0hTQS1ocmM0LXAyaDMtcGpxd84ABFp_

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
8 months ago

Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page GSA_kwCzR0hTQS1weDM4LTIzOWcteDVtZ84ABCiF

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
8 months ago

Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting GSA_kwCzR0hTQS00aHhyLTI4bXYtcTcyOc4ABCiC

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
9 months ago

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget GSA_kwCzR0hTQS02YzR2LXg5djItcmptOM4ABAk1

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Critical
9 months ago

Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console GSA_kwCzR0hTQS1jaGoyLTR2ZzctaGhnM84ABAkm

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Critical
over 1 year ago

Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting GSA_kwCzR0hTQS1xMmN2LTdqNTgtcmZtas4AA5bF

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 1 year ago

Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing GSA_kwCzR0hTQS1oZ3I2LTZoaHctODgzZs4AA5aV

maven com.liferay.portal:release.portal.bom, com.liferay.portal:release.dxp.bom
Critical
over 1 year ago

Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting GSA_kwCzR0hTQS1yd3hjLTRjbXctN3g3Nc4AA5aL

maven com.liferay.portal:release.portal.bom, com.liferay.portal:release.dxp.bom
Critical
over 1 year ago

Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting GSA_kwCzR0hTQS1yd2h2LWh2ajItcXJxbc4AA5aN

maven com.liferay.portal:release.portal.bom, com.liferay.portal:release.dxp.bom
Critical
over 1 year ago

Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting GSA_kwCzR0hTQS00NGpnLWpnangtM3hnNc4AA5aM

maven com.liferay.portal:release.portal.bom, com.liferay.portal:release.dxp.bom
Critical
over 1 year ago

Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting GSA_kwCzR0hTQS03M3gzLThtcmctNXI5M84AA5aE

maven com.liferay.portal:release.portal.bom, com.liferay.portal:release.dxp.bom
Critical
over 1 year ago

Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting GSA_kwCzR0hTQS1jcjM2LTN2cWYteDV3Nc4AA5aK

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Critical
over 1 year ago

Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting GSA_kwCzR0hTQS1wMjh4LTRyNWgtcGg2as4AA5aJ

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Critical
over 1 year ago

Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting GSA_kwCzR0hTQS01NHB2LXI2MmotOXFxY84AA5aC

maven com.liferay.portal:release.portal.bom, com.liferay.portal:release.dxp.bom
Critical
over 1 year ago

Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting GSA_kwCzR0hTQS14cGpnLTdoeDctd2djeM4AA5aI

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Critical
over 1 year ago

Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting GSA_kwCzR0hTQS00Njh4LWZyY20tZ2h4Ns4AA5aB

maven com.liferay.portal:release.portal.bom, com.liferay.portal:release.dxp.bom
Critical
over 1 year ago

Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting GSA_kwCzR0hTQS12MnhxLW0yMnctam1wcs4AA5aH

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 1 year ago

Liferay Portal and Liferay DXP vulnerable to theft of hashed password GSA_kwCzR0hTQS14cTRyLTR4ZmgtdmNoOM4AA5ZB

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 1 year ago

Liferay Portal and Liferay DXP User Enumeration Vulnerability GSA_kwCzR0hTQS1xbTQzLWcyeGotaHZnNc4AA5Y1

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Critical
over 1 year ago

Liferay Portal has a Stored XSS with Blog entries (Insecure defaults) GSA_kwCzR0hTQS12dnBmLTUzcXgtY3hoaM4AA5Ym

maven com.liferay.portal:com.liferay.portal.web, com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 1 year ago

Liferay Portal vulnerable to Denial of Service GSA_kwCzR0hTQS0yOXh4LWZoZmYtMzZtN84AA5Yo

maven com.liferay.portal:release.portal.bom
Moderate
over 1 year ago

Liferay Portal and Liferay DXP HTTP Header Can Expose Versions GSA_kwCzR0hTQS0ybXZqLXEycTMtd3hqds4AA5Yp

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 1 year ago

Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character GSA_kwCzR0hTQS01NDh4LWo2eDYtaGN2NM4AA5Yc

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 1 year ago

Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes GSA_kwCzR0hTQS0zcXE1LXdjcngtNGg4cs4AA5Yk

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
over 1 year ago

Liferay Portal defaults to a low work factor for the default password hashing algorithm GSA_kwCzR0hTQS00M2g5LXAzajQtMzlobc4AA5Yf

maven com.liferay.portal:com.liferay.portal.kernel, com.liferay.portal:release.portal.bom, com.liferay.portal:release.dxp.bom
High
over 1 year ago

Liferay Portal has an XXE vulnerability in Java2WsddTask._format GSA_kwCzR0hTQS04NjloLXFoZngtdzkzOc4AA5Ya

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom, com.liferay.portal:com.liferay.util.java
Moderate
over 1 year ago

Liferay Portal and Liferay DXP Allows Templates to be Viewed via the UI or API GSA_kwCzR0hTQS1tZjhoLWdyZmctajlqM84AA5YZ

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 1 year ago

Liferay Portal and Liferay DXP Allows Authenticated Users with View Permissions to Edit Permissions GSA_kwCzR0hTQS1wdzdwLTM2NDgtcXFtZ84AA5YY

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 1 year ago

Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel GSA_kwCzR0hTQS00NTg1LTI4djItOGg0Ns4AA5YU

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 1 year ago

Liferay Portal and Liferay DXP Does Not Properly Restrict Membership to Child Site Based on Parent Site Options GSA_kwCzR0hTQS1xcGdoLTZ2OXctdmZ2Ns4AA5YT

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 1 year ago

Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page GSA_kwCzR0hTQS1mM3JmLWNyN2YtY3djNM4AA5YP

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 1 year ago

Privilege escalation in Liferay Portal GSA_kwCzR0hTQS1tYzhtLTRyM3ctcTJod84AA5YQ

maven com.liferay.portal:release.portal.bom
Moderate
over 1 year ago

Liferay Portal allows attackers to discover the existence of sites GSA_kwCzR0hTQS1tcWY4LTRjcW0tcDgzeM4AA5J6

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
over 1 year ago

Liferay Portal vulnerable to user impersonation GSA_kwCzR0hTQS1xd2o4LXFncHItOGNybc4AA5J7

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 1 year ago

Liferay Portal denial-of-service vulnerability GSA_kwCzR0hTQS13Mjc1LW04Y3ItaGYyds4AA5J4

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 1 year ago

Liferay Portal's account lockout does not invalidate existing user sessions GSA_kwCzR0hTQS0ybXg3LXh2ZmctZmc1M84AA5J2

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Critical
over 1 year ago

Liferay Portal stored cross-site scripting (XSS) vulnerability GSA_kwCzR0hTQS05dmdxLXc1cHYtdjc3cc4AA5JF

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
over 1 year ago

Liferay Portal denial of service (memory consumption) GSA_kwCzR0hTQS04N20zLTZxajMtcDN4aM4AA5JH

maven com.liferay.portal:release.portal.bom
High
about 2 years ago

SQL injection in Liferay Portal GSA_kwCzR0hTQS1nN3Z3LTQzeGctOG00aM4AAzdQ

maven com.liferay.portal:release.portal.bom
Moderate
about 2 years ago

Cross-site scripting in Liferay Portal GSA_kwCzR0hTQS1wZndjLTRmcmYtNGdmOM4AAzdV

maven com.liferay.portal:release.portal.bom
Moderate
about 2 years ago

Liferay Portal has Inefficient Regular Expression GSA_kwCzR0hTQS1jaHJjLXE2djMtamZ2OM4AAzdZ

maven com.liferay.portal:release.portal.bom
Moderate
about 2 years ago

Liferay portal unauthorized access to objects via OAuth 2 scope GSA_kwCzR0hTQS0yODY4LWZmNDQtNDNxds4AAzdS

maven com.liferay.portal:release.portal.bom
Moderate
about 2 years ago

Insecure Default Initialization In Liferay Portal GSA_kwCzR0hTQS1nOW1yLTl4ZmMtNGdmN84AAzdc

maven com.liferay.portal:release.portal.bom
High
about 2 years ago

Missing authorization in Liferay portal GSA_kwCzR0hTQS13NmY4LW14ZjUtNHZmOM4AAzdU

maven com.liferay.portal:release.portal.bom
Moderate
about 2 years ago

Cross-site scripting in Liferay Portal GSA_kwCzR0hTQS1wOXhnLTkzNzgtY3FwN84AAzdB

maven com.liferay.portal:release.portal.bom
Moderate
about 2 years ago

Cross-site scripting in Liferay Portal GSA_kwCzR0hTQS14ODJxLW1yMjMtMjdqY84AAzdH

maven com.liferay.portal:release.portal.bom
Moderate
about 2 years ago

Cross-site scripting in Liferay Portal GSA_kwCzR0hTQS12Nm0yLWo5MmotMmg3OM4AAzc9

maven com.liferay.portal:release.portal.bom
Moderate
about 2 years ago

Cross-site scripting in Liferay Portal GSA_kwCzR0hTQS13djk5LXdtcGYtanJxcs4AAzdF

maven com.liferay.portal:release.portal.bom
Moderate
about 2 years ago

Cross-site scripting in Liferay Portal GSA_kwCzR0hTQS1tdmZ2LXczZnEteHA2N84AAzdA

maven com.liferay.portal:release.portal.bom
Moderate
about 2 years ago

Cross-site scripting in Liferay Portal GSA_kwCzR0hTQS13dmh3LTVtODktNjRnds4AAzdD

maven com.liferay.portal:release.portal.bom
Moderate
about 2 years ago

Cross-site scripting in Liferay Portal GSA_kwCzR0hTQS01M213LTY5cXgtcTRmY84AAzdG

maven com.liferay.portal:release.portal.bom
Moderate
over 2 years ago

Missing permissions check in Liferay Portal GSA_kwCzR0hTQS02NDJoLW14OHEtNDdwMs4AAv3z

maven com.liferay.portal:release.portal.bom
Moderate
over 2 years ago

Incorrect Default Permissions in Liferay Portal GSA_kwCzR0hTQS01eDloLXAyZ3gtMzVtZ84AAv3q

maven com.liferay.portal:release.portal.bom
Moderate
over 2 years ago

Liferay Portal and Liferay DXP Includes LDAP Credentials in the Page URL GSA_kwCzR0hTQS1mNDNtLWhoajQtcTNqZ84AAv32

maven com.liferay:com.liferay.portal.settings.authentication.ldap.web, com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Critical
over 2 years ago

Liferay Portal and Liferay DXP Vulnerable to SQL Injection via Friendly URL Module GSA_kwCzR0hTQS1odzU2LTd4ajQtN2d4Ns4AAv33

maven com.liferay:com.liferay.friendly.url.service, com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
over 2 years ago

Path Traversal in Liferay Portal GSA_kwCzR0hTQS1oZmZ4LXIyODItdzJnOc4AAv3t

maven com.liferay.portal:release.portal.bom
Moderate
over 2 years ago

Improper Certificate Validation in Liferay Portal GSA_kwCzR0hTQS1jeDg0LTQzeGMtM2dtMs4AAv3k

maven com.liferay.portal:release.portal.bom
High
over 2 years ago

Path Traversal in Liferay Portal GSA_kwCzR0hTQS1nOGhwLXJjNjctamY5Ns4AAv3u

maven com.liferay.portal:release.portal.bom
Moderate
over 2 years ago

Authorization Bypass in Liferay Portal GSA_kwCzR0hTQS1nNng0LTU3aHAtajR4bc4AAv3i

maven com.liferay.portal:release.portal.bom
Moderate
over 2 years ago

Incorrect Default Permissions in Liferay Portal GSA_kwCzR0hTQS1teHZxLWN2NHgtcDNqd84AAv3m

maven com.liferay.portal:release.portal.bom
Moderate
over 2 years ago

Incorrect Default Permissions in Liferay Portal GSA_kwCzR0hTQS13Z3FtLXFwNDQtY2c2eM4AAv3y

maven com.liferay.portal:release.portal.bom
Moderate
almost 3 years ago

Liferay Portal Insecure Default Configuration in auth.login.prompt.enabled GSA_kwCzR0hTQS05NDI3LTdmNjUtODhjOM4AAvMO

maven com.liferay.portal:com.liferay.portal.impl, com.liferay.portal:release.portal.bom
Moderate
almost 3 years ago

Liferay Portal and Liferay DXP HtmlUtil.escapeRedirect Can Be Circumvented GSA_kwCzR0hTQS13Mzk3LTlwMmotNngyM84AAvAJ

maven com.liferay.portal:com.liferay.util.java, com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
almost 3 years ago

Liferay Portal Missing Authorization vulnerability GSA_kwCzR0hTQS04M3F4LTI4OG0tNzJ3NM4AAvAO

maven com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Exposure of Resource to Wrong Sphere in Liferay Portal GSA_kwCzR0hTQS02eHhjLTRqYzQtN2p2M84AArFR

maven com.liferay.portal:release.portal.bom
High
about 3 years ago

Liferay Portal and Liferay DXP Has Company Administrator Accounts Vulnerable to Takeovers GSA_kwCzR0hTQS01Z2g5LWc2MmgtZjM1bc4AApas

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Liferay Portal Fragment Module and Liferay DXP Vulnerable to Cross-Site Scripting GSA_kwCzR0hTQS03cHhoLXE2anctNnhqOM4AApaW

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
about 3 years ago

Liferay Portal Layout Module and Liferay DXP Exposes the Cross-Site Request Forgery (CSRF) Token in URLs GSA_kwCzR0hTQS00ZnJnLXJweDYtOTZxaM4AApaL

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Liferay Portal Journal Module and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) GSA_kwCzR0hTQS1mdmc2LTlyODgtN3c4Nc4AApad

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Liferay Portal cross-site scripting (XSS) vulnerability in the Frontend Taglib module GSA_kwCzR0hTQS05aDdmLTVoYzgtY2o1Zs4AApaO

maven com.liferay:com.liferay.frontend.taglib.clay, com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Stores User Passwords in Cleartext GSA_kwCzR0hTQS02Yzg4LWd2eHctZjVoZ84AApYt

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
about 3 years ago

Liferay Portal and Liferay DXP insecure default configuration GSA_kwCzR0hTQS1qZmNoLW0yeDMtMnY2Ns4AApYW

maven com.liferay.portal:release.portal.bom, com.liferay.portal:com.liferay.portal.impl
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Don't Check Permissions of Pages GSA_kwCzR0hTQS00NzRmLWNteDUtZ202Oc4AApYV

maven com.liferay.portal:release.portal.bom, com.liferay.portal:release.dxp.bom
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Edit Vocabulary Page GSA_kwCzR0hTQS12cHZtLTN3ZnctNWY1Y84AApYh

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Fails to Check User Permissions for Workflow Submissions GSA_kwCzR0hTQS1nN3hjLW03NjItd2c4Zs4AApX8

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) GSA_kwCzR0hTQS05OTk1LXF2Y2cteDdnNs4AApYE

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Allows Arbitrary Redirect of Users to External URLs GSA_kwCzR0hTQS1tajh3LWg1MjItandtOM4AApYH

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Fails to Properly Check User Permissions GSA_kwCzR0hTQS1nMzdmLWo4aGgtNzM2Zs4AApX-

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to Multiple SQL Injections GSA_kwCzR0hTQS1mOXdqLWM1cGMtZzlyaM4AAohx

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Asset Module Parameter GSA_kwCzR0hTQS05ZzU3LW01dmYtcXA3M84AAoha

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the Redirect's Admin Page GSA_kwCzR0hTQS1xY3Y0LWd2NDMtNDk4ds4AAohR

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in the Layout Admin Page GSA_kwCzR0hTQS00Zng4LTgyZjMteGNwY84AAohY

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Membership Request Admin Page GSA_kwCzR0hTQS13Y3I1LTNxOTYtYzJncs4AAohc

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password GSA_kwCzR0hTQS14eDJoLTJoZjUtdjd2ds4AAohe

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App GSA_kwCzR0hTQS1qdnZ4LThnNDItOTU1Oc4AAohQ

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Fails to Check Permissions GSA_kwCzR0hTQS1wcjd2LXF2NjUtcnA5bc4AAohh

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
about 3 years ago

Liferay Portal and Liferay DXP Fails to Invalidate CAPTCHA Answers After Use GSA_kwCzR0hTQS05bXhnLXA4NzMtNjc5M84AAogj

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Reveals Data via Overly Verbose Error Messages GSA_kwCzR0hTQS04N3g3LXB3cngtamNoN84AAogi

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Bypass via Double Encoded URL GSA_kwCzR0hTQS12cnd4LXE5cGoteDQ4OM4AAmDc

maven com.liferay.portal:com.liferay.portal.impl, com.liferay.portal:release.portal.bom, com.liferay.portal:release.dxp.bom
High
about 3 years ago

Liferay Portal and Liferay DXP have Insecure Deserialization Vulnerability GSA_kwCzR0hTQS1tZzNyLTlqaDgtMzNyOc4AAlbG

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
about 3 years ago

Liferay Portal and Liferay DXP Potentially Reveal LDAP Server Password via Unsafe Connection GSA_kwCzR0hTQS03NzNmLWY5MjktcWdqas4AAlbC

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom

Filter by Severity

Filter by Ecosystem

Filter by Package

org.jenkins-ci.main:jenkins-core 239 org.apache.tomcat:tomcat 138 com.liferay.portal:release.portal.bom 110 com.liferay.portal:release.dxp.bom 105 com.fasterxml.jackson.core:jackson-databind 69 org.apache.struts:struts2-core 57 org.keycloak:keycloak-core 50 org.apache.tomcat.embed:tomcat-embed-core 46 org.keycloak:keycloak-services 41 org.elasticsearch:elasticsearch 41 org.xwiki.platform:xwiki-platform-oldcore 41 com.thoughtworks.xstream:xstream 37 net.mingsoft:ms-mcms 36 com.jfinal:jfinal 36 org.jenkins-ci.plugins:script-security 34 io.undertow:undertow-core 34 org.apache.solr:solr-core 28 org.opencms:opencms-core 27 org.springframework.security:spring-security-core 26 org.eclipse.jetty:jetty-server 25 org.keycloak:keycloak-parent 24 org.bouncycastle:bcprov-jdk14 22 org.apache.openmeetings:openmeetings-parent 22 org.apache.tomcat:tomcat-catalina 21 org.apache.nifi:nifi 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 org.apache.tomcat:tomcat-coyote 19 org.xwiki.platform:xwiki-platform-web-templates 19 com.vaadin:vaadin-bom 18 org.apache.geode:geode-core 17 org.springframework:spring-core 17 org.apache.inlong:manager-pojo 17 org.apache.jspwiki:jspwiki-main 16 org.apache.dubbo:dubbo 16 org.bouncycastle:bcprov-jdk15 16 org.apache.ranger:ranger 16 org.apache.activemq:activemq-client 16 org.apache.struts.xwork:xwork-core 15 org.xwiki.platform:xwiki-platform-web 14 org.apache.cxf:cxf-core 13 org.apache.hadoop:hadoop-main 13 org.jenkins-ci.plugins.workflow:workflow-cps 13 org.graylog2:graylog2-server 12 org.apache.dolphinscheduler:dolphinscheduler 12 org.apache.hadoop:hadoop-common 12 org.jeecgframework.boot:jeecg-boot-parent 12 org.springframework:spring-webmvc 12 org.apache.cxf:cxf 12 org.jenkins-ci.plugins:git 12 org.springframework:spring-web 12 com.vaadin:flow-server 12 org.jenkins-ci.plugins:email-ext 11 ai.h2o:h2o-core 11 org.apache.archiva:archiva 11 org.mortbay.jetty:jetty 11 org.apache.commons:commons-compress 11 org.igniterealtime.openfire:parent 11 org.apache.camel:camel-core 11 com.xuxueli:xxl-job 11 org.apache.james:james-server 11 org.geoserver.web:gs-web-app 11 org.apache.jspwiki:jspwiki-war 11 org.xwiki.platform:xwiki-platform-administration-ui 11 org.apache.tika:tika-core 11 org.bouncycastle:bcprov-jdk15on 11 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 10 io.netty:netty 10 com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer 10 h2o 10 org.apache.kylin:kylin 10 org.jboss.netty:netty 10 org.apache.inlong:manager-service 10 org.apache.hive:hive-exec 10 org.craftercms:crafter-studio 10 mysql:mysql-connector-java 9 org.jenkins-ci.plugins:active-directory 9 org.apache.tapestry:tapestry-core 9 org.jenkins-ci.plugins:electricflow 9 org.opennms:opennms 9 org.postgresql:postgresql 9 org.jenkins-ci.plugins:config-file-provider 9 org.apache.linkis:linkis 9 org.bouncycastle:bcprov-jdk15to18 9 pyspark 9 io.jenkins:configuration-as-code 9 org.apache.hive:hive 9 cn.hutool:hutool-core 9 org.opencrx:opencrx-core-models 9 bootstrap 9 org.apache.xmlgraphics:batik 9 bootstrap 9 org.apache.shiro:shiro-core 9 bootstrap 9 org.webjars:bootstrap 9 twbs/bootstrap 9 org.apache.ambari:ambari 8 org.jenkins-ci.plugins:ec2 8 org.apache.pdfbox:pdfbox 8 io.jenkins.blueocean:blueocean 8 org.yaml:snakeyaml 8 jquery 8 org.apache.zeppelin:zeppelin 8 org.jeecgframework.boot:jeecg-boot-common 8 org.jenkins-ci.plugins:oic-auth 8 jquery-rails 8 com.ruoyi:ruoyi 8 org.webjars.npm:jquery 8 org.apache.cassandra:cassandra-all 8 org.xwiki.platform:xwiki-platform-rest-server 8 com.hazelcast:hazelcast 8 org.jenkins-ci.plugins:subversion 8 org.apache.santuario:xmlsec 8 org.opensearch.plugin:opensearch-security 8 org.apache.streampark:streampark 8 org.silverpeas.core:silverpeas-core-web 8 org.apache.hive:hive-service 8 org.apache.ozone:ozone-main 8 org.jenkins-ci.plugins:rundeck 7 org.apache.cxf:apache-cxf 7 org.owasp.esapi:esapi 7 io.dataease:dataease-plugin-common 7 org.jenkins-ci.plugins:artifactory 7 org.webjars.npm:jquery-ui 7 org.apache.derby:derby 7 rubygems-update 7 org.apache.logging.log4j:log4j-core 7 io.netty:netty-handler 7 org.apache.spark:spark-core_2.11 7 org.apache.wicket:wicket-core 7 net.opentsdb:opentsdb 7 org.apache.poi:poi 7 bootstrap-sass 7 jQuery.UI.Combined 7 org.jruby:jruby-stdlib 7 io.jenkins.plugins:warnings-ng 7 io.jenkins.plugins:miniorange-saml-sp 7 org.apache.druid:druid 7 org.apache.atlas:atlas-common 7 org.jenkins-ci.plugins:jobConfigHistory 7 org.apache.karaf:apache-karaf 7 org.apache.inlong:manager-web 7 org.owasp.antisamy:antisamy 7 jquery-ui 7 org.opencastproject:opencast-kernel 7 io.jenkins.plugins:cavisson-ns-nd-integration 7 bootstrap.sass 7 org.jboss.resteasy:resteasy-client 7 jQuery 7 org.jenkins-ci.plugins:openshift-deployer 7 org.apache.tika:tika 7 io.atomix:atomix 7 org.apache.activemq:activemq-parent 7 org.jeecgframework.boot:jeecg-boot-base 7 commons-fileupload:commons-fileupload 7 org.jenkins-ci.plugins:mercurial 7 jquery-ui-rails 7 org.jenkins-ci.plugins:gitlab-plugin 6 com.google.protobuf:protobuf-java 6 org.geoserver:gs-wms 6 org.apache.ignite:ignite-core 6 apache-iotdb 6 org.apache.spark:spark-core_2.10 6 bootstrap-sass 6 org.apache.zeppelin:zeppelin-server 6 org.jenkins-ci.plugins:repository-connector 6 org.jenkins-ci.plugins:htmlpublisher 6 org.xwiki.commons:xwiki-commons-xml 6 org.apache.httpcomponents:httpclient 6 de.tum.in.ase:artemis-java-test-sandbox 6 org.csanchez.jenkins.plugins:kubernetes 6 org.keycloak:keycloak-quarkus-server 6 com.xebialabs.deployit.ci:deployit-plugin 6 io.netty:netty-codec-http 6 org.wildfly:wildfly-parent 6 axis:axis 6 org.bouncycastle:bcprov-jdk18on 6 com.jflyfox:jflyfox_jfinal 6 org.apache.pulsar:pulsar-broker 6 org.apache.struts:struts2-rest-plugin 6 org.apache.shenyu:shenyu-common 6 org.jenkins-ci.plugins:gitlab-oauth 6 org.jenkins-ci.plugins:ec2-deployment-dashboard 6 hudson.plugins:project-inheritance 6 org.apache.storm:storm-core 6 org.apache.zookeeper:zookeeper 6 com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger 6 com.liferay.portal:com.liferay.portal.impl 6 org.apache.solr:solr-parent 6 org.jenkins-ci.plugins:pipeline-maven 6 cn.hutool:hutool-json 6 org.apache.axis:axis 6 org.apache.kafka:kafka 6 org.jenkins-ci.plugins:fortify-on-demand-uploader 6 org.apache.syncope:syncope-core 6 org.jenkins-ci.plugins:credentials-binding 6 org.infinispan:infinispan-core 6 org.apache.mesos:mesos 6 org.jenkins-ci.plugins:azure-vm-agents 6 com.xuxueli:xxl-job-core 6 com.nimbusds:nimbus-jose-jwt 6

Filter by Repository