Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

maven

com.liferay.portal:release.dxp.bom

maven

View on github.com · View on repo1.maven.org

Security Advisories for com.liferay.portal:release.dxp.bom in maven

Moderate
3 months ago

Liferay Portal and Liferay DXP vulnerable to Stored Cross-site Scripting GSA_kwCzR0hTQS02Nng2LThqZ3YtcXBmaM4ABL8I

maven com.liferay:com.liferay.portal.workflow.task.web, com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
3 months ago

Liferay Portal and Liferay DXP vulnerable to store Cross-site Scripting GSA_kwCzR0hTQS1yY2M3LWp4N3AtaHJ2NM4ABL2G

maven com.liferay:com.liferay.portal.workflow.web, com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
4 months ago

Liferay Portal 7.4.0 and Liferay DXP have a reflected cross-site scripting (XSS) vulnerability GSA_kwCzR0hTQS1tNWM3LTVndjMtaGNwZs4ABK_9

maven com.liferay:com.liferay.frontend.taglib.clay, com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
4 months ago

Liferay Portal and Liferay DXP have a reflected cross-site scripting vulnerability GSA_kwCzR0hTQS0yMjJ3LXhtYzUtamhwM84ABK8q

maven com.liferay.portal:com.liferay.portal.impl, com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
4 months ago

Liferay Portal and Liferay DXP have a Denial Of Service via File Upload (DOS) vulnerability GSA_kwCzR0hTQS1jZzk5LW04OHgtNDIyY84ABK8J

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
4 months ago

Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery GSA_kwCzR0hTQS02djkzLWZyZjktMnJwOM4ABK5H

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
4 months ago

Liferay Portal and Liferay DXP vulnerable to Server-Side Request Forgery GSA_kwCzR0hTQS1jNmc1LWc2cjctcTRqNs4ABK5G

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
8 months ago

Liferay Cross-site Scripting vulnerability GSA_kwCzR0hTQS1xaHA2LXZwN2MtZzd4cM4ABG8e

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
9 months ago

Liferay Portal and Liferay DXP Reveals Data via Forms GSA_kwCzR0hTQS05ZmNnLXdycDgtcWhyNM4ABFwV

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
9 months ago

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) GSA_kwCzR0hTQS1ocmM0LXAyaDMtcGpxd84ABFp_

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
12 months ago

Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page GSA_kwCzR0hTQS1weDM4LTIzOWcteDVtZ84ABCiF

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
12 months ago

Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting GSA_kwCzR0hTQS00aHhyLTI4bXYtcTcyOc4ABCiC

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Critical
about 1 year ago

Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console GSA_kwCzR0hTQS1jaGoyLTR2ZzctaGhnM84ABAkm

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
about 1 year ago

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget GSA_kwCzR0hTQS02YzR2LXg5djItcmptOM4ABAk1

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Critical
about 1 year ago

Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions GSA_kwCzR0hTQS0zbWZxLWZwMmYtdndxaM4ABAkx

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
about 1 year ago

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor GSA_kwCzR0hTQS1wNjNtLXZtanItd2czN84ABAkn

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
about 1 year ago

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor GSA_kwCzR0hTQS1obXJ4LTZwcjUtaHB3as4ABAkt

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Critical
almost 2 years ago

Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting GSA_kwCzR0hTQS1xMmN2LTdqNTgtcmZtas4AA5bF

maven com.liferay.portal:release.dxp.bom
Moderate
almost 2 years ago

Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing GSA_kwCzR0hTQS1oZ3I2LTZoaHctODgzZs4AA5aV

maven com.liferay.portal:release.dxp.bom
Critical
almost 2 years ago

Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting GSA_kwCzR0hTQS00NGpnLWpnangtM3hnNc4AA5aM

maven com.liferay.portal:release.dxp.bom
Critical
almost 2 years ago

Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting GSA_kwCzR0hTQS1yd2h2LWh2ajItcXJxbc4AA5aN

maven com.liferay.portal:release.dxp.bom
Critical
almost 2 years ago

Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting GSA_kwCzR0hTQS1yd3hjLTRjbXctN3g3Nc4AA5aL

maven com.liferay.portal:release.dxp.bom
Critical
almost 2 years ago

Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting GSA_kwCzR0hTQS00Njh4LWZyY20tZ2h4Ns4AA5aB

maven com.liferay.portal:release.dxp.bom
Critical
almost 2 years ago

Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting GSA_kwCzR0hTQS12MnhxLW0yMnctam1wcs4AA5aH

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Critical
almost 2 years ago

Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting GSA_kwCzR0hTQS1wMjh4LTRyNWgtcGg2as4AA5aJ

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Critical
almost 2 years ago

Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting GSA_kwCzR0hTQS1jcjM2LTN2cWYteDV3Nc4AA5aK

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Critical
almost 2 years ago

Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting GSA_kwCzR0hTQS01NHB2LXI2MmotOXFxY84AA5aC

maven com.liferay.portal:release.dxp.bom
Critical
almost 2 years ago

Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting GSA_kwCzR0hTQS03M3gzLThtcmctNXI5M84AA5aE

maven com.liferay.portal:release.dxp.bom
Critical
almost 2 years ago

Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting GSA_kwCzR0hTQS14cGpnLTdoeDctd2djeM4AA5aI

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
almost 2 years ago

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery in Terms of Use Page GSA_kwCzR0hTQS1taDlyLTlwY3gtcng1Nc4AA5Z6

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:com.liferay.portal.impl
Moderate
almost 2 years ago

Liferay Portal and Liferay DXP Does Not Obfuscate Password Reminder Answers GSA_kwCzR0hTQS1td2hmLTZtam0tNnczaM4AA5Z2

maven com.liferay.portal:release.dxp.bom, com.liferay.commerce:com.liferay.commerce.account.web, com.liferay:com.liferay.login.web, com.liferay:com.liferay.users.admin.web, com.liferay.portal:portal-impl
Moderate
almost 2 years ago

Liferay Portal and Liferay DXP User Enumeration Vulnerability GSA_kwCzR0hTQS1xbTQzLWcyeGotaHZnNc4AA5Y1

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
almost 2 years ago

Liferay Portal and Liferay DXP vulnerable to theft of hashed password GSA_kwCzR0hTQS14cTRyLTR4ZmgtdmNoOM4AA5ZB

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Critical
almost 2 years ago

Liferay Portal has a Stored XSS with Blog entries (Insecure defaults) GSA_kwCzR0hTQS12dnBmLTUzcXgtY3hoaM4AA5Ym

maven com.liferay.portal:com.liferay.portal.web, com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
almost 2 years ago

Liferay Portal and Liferay DXP HTTP Header Can Expose Versions GSA_kwCzR0hTQS0ybXZqLXEycTMtd3hqds4AA5Yp

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
almost 2 years ago

Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character GSA_kwCzR0hTQS01NDh4LWo2eDYtaGN2NM4AA5Yc

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
almost 2 years ago

Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes GSA_kwCzR0hTQS0zcXE1LXdjcngtNGg4cs4AA5Yk

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
almost 2 years ago

Liferay Portal defaults to a low work factor for the default password hashing algorithm GSA_kwCzR0hTQS00M2g5LXAzajQtMzlobc4AA5Yf

maven com.liferay.portal:com.liferay.portal.kernel, com.liferay.portal:release.portal.bom, com.liferay.portal:release.dxp.bom
Moderate
almost 2 years ago

Liferay Portal and Liferay DXP Allows Templates to be Viewed via the UI or API GSA_kwCzR0hTQS1tZjhoLWdyZmctajlqM84AA5YZ

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
almost 2 years ago

Liferay Portal and Liferay DXP Allows Authenticated Users with View Permissions to Edit Permissions GSA_kwCzR0hTQS1wdzdwLTM2NDgtcXFtZ84AA5YY

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
almost 2 years ago

Liferay Portal has an XXE vulnerability in Java2WsddTask._format GSA_kwCzR0hTQS04NjloLXFoZngtdzkzOc4AA5Ya

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom, com.liferay.portal:com.liferay.util.java
Moderate
almost 2 years ago

Liferay Portal and Liferay DXP Does Not Properly Restrict Membership to Child Site Based on Parent Site Options GSA_kwCzR0hTQS1xcGdoLTZ2OXctdmZ2Ns4AA5YT

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
almost 2 years ago

Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control Panel GSA_kwCzR0hTQS00NTg1LTI4djItOGg0Ns4AA5YU

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
almost 2 years ago

Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page GSA_kwCzR0hTQS1mM3JmLWNyN2YtY3djNM4AA5YP

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
almost 2 years ago

Liferay Portal denial-of-service vulnerability GSA_kwCzR0hTQS13Mjc1LW04Y3ItaGYyds4AA5J4

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
almost 2 years ago

Liferay Portal vulnerable to user impersonation GSA_kwCzR0hTQS1xd2o4LXFncHItOGNybc4AA5J7

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
almost 2 years ago

Liferay Portal allows attackers to discover the existence of sites GSA_kwCzR0hTQS1tcWY4LTRjcW0tcDgzeM4AA5J6

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
almost 2 years ago

Liferay Portal's account lockout does not invalidate existing user sessions GSA_kwCzR0hTQS0ybXg3LXh2ZmctZmc1M84AA5J2

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Critical
almost 2 years ago

Liferay Portal stored cross-site scripting (XSS) vulnerability GSA_kwCzR0hTQS05dmdxLXc1cHYtdjc3cc4AA5JF

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Critical
about 2 years ago

Liferay Portal and Liferay DXP Vulnerable to XSS in the Commerce Module GSA_kwCzR0hTQS1xcDY4LTV2Mzktcjg2Oc4AA2gl

maven com.liferay.portal:release.dxp.bom, com.liferay.commerce:com.liferay.commerce.address.content.web
Critical
about 2 years ago

Liferay Portal and Liferay DXP Vulnerable to XSS in the Wiki Widget GSA_kwCzR0hTQS1odjQ1LXIyZjUtZm1oas4AA2gI

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.wiki.web
Critical
about 2 years ago

Liferay Portal and Liferay DXP Vulnerable to XSS via the OAuth2ProviderApplicationRedirect Class GSA_kwCzR0hTQS00OWdtLTU2ODUtOGZ4ds4AA2gK

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.oauth2.provider.rest
Critical
about 2 years ago

Liferay Portal and Liferay DXP Vulnerable to XSS via the Page Tree Menu GSA_kwCzR0hTQS1qNWd2LXc4MzgtbW1jeM4AA2gC

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.layout.impl
Critical
about 2 years ago

Liferay Portal and Liferay DXP Vulnerable to Reflected XSS via the Export for Translation Page GSA_kwCzR0hTQS13MmczLWo3M3EtN3F2N84AA2f7

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.translation.web
Critical
about 2 years ago

Liferay Portal and Liferay DXP Vulnerable to XSS in the Fragment Components GSA_kwCzR0hTQS1qNjYzLTZqcGoteHg4Y84AA2f9

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.fragment.entry.processor.impl
Critical
about 2 years ago

Liferay Portal and Liferay DXP Vulnerable to Stored XSS in the Manage Vocabulary Page GSA_kwCzR0hTQS1nNDRqLWY4d20tNjYyMs4AA2gA

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.asset.categories.admin.web
Moderate
over 2 years ago

Liferay Portal and Liferay DXP Organization Selector Does Not Check User Permissions GSA_kwCzR0hTQS14cGgzLXZqY3EtZzQ4OM4AA1AN

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.organizations.item.selector.web
High
over 2 years ago

Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module GSA_kwCzR0hTQS1wMmZjLXh4cjgtZnczcM4AAz3w

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 2 years ago

Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module GSA_kwCzR0hTQS0yMnc3LW01ZjgtODd2aM4AAz3y

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 2 years ago

Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module GSA_kwCzR0hTQS1xeGY2LW1wMjQtNTJjds4AAz3v

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Includes LDAP Credentials in the Page URL GSA_kwCzR0hTQS1mNDNtLWhoajQtcTNqZ84AAv32

maven com.liferay:com.liferay.portal.settings.authentication.ldap.web, com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to XSS via the Commerce Module GSA_kwCzR0hTQS13amZtLXF4ZzItcTY3Oc4AAv35

maven com.liferay.portal:release.dxp.bom, com.liferay.commerce:com.liferay.commerce.catalog.web
Critical
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Fragment Module GSA_kwCzR0hTQS1yNWZqLWo0NDktdnF3Ms4AAv3x

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.fragment.service
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to XSS via the Announcements Module GSA_kwCzR0hTQS0ycXdtLTltZzUtandxOM4AAv4H

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.announcements.web
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to XSS via the Sharing Module GSA_kwCzR0hTQS1wNzY4LXIybTItOHZqcs4AAv3S

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.sharing.web
Critical
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to SQL Injection via Friendly URL Module GSA_kwCzR0hTQS1odzU2LTd4ajQtN2d4Ns4AAv33

maven com.liferay:com.liferay.friendly.url.service, com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module GSA_kwCzR0hTQS1tcjc3LTRwbTQteDl2bc4AAv3_

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.portal.search.web
High
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Layout Module GSA_kwCzR0hTQS1neHhqLWZobXItMzdqOc4AAv30

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.layout.page.template.service
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to XSS in the Frontend Taglib Module GSA_kwCzR0hTQS1nNnIyLTZ4NDYtanBwNs4AAvbH

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.frontend.taglib.clay
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module GSA_kwCzR0hTQS03ZjdnLXZoZmYtbWpxas4AAvce

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.portal.search.web
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to XSS in the CKEditor Integration with the Frontend Editor Module GSA_kwCzR0hTQS02N2pwLTI3amotNng4Nc4AAvcm

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.frontend.editor.ckeditor.web
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to XSS via the Role Module GSA_kwCzR0hTQS1jbXJ3LWNnZmMtdjZ4Ms4AAvcp

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.roles.admin.web
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Fails to Check Permissions in Translation Module GSA_kwCzR0hTQS1oOXd3LXdqZzQtanZ2Z84AAvAM

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.translation.web
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to XSS in the Portal Search Module GSA_kwCzR0hTQS03cjN3LXdnZ20tcGp3Zs4AAvAH

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.portal.search.web
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to XSS in the Site Module GSA_kwCzR0hTQS03bTY1LWhtdmctcnhwY84AAvAL

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.site.memberships.web
Moderate
about 3 years ago

Liferay Portal and Liferay DXP HtmlUtil.escapeRedirect Can Be Circumvented GSA_kwCzR0hTQS13Mzk3LTlwMmotNngyM84AAvAJ

maven com.liferay.portal:com.liferay.util.java, com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
about 3 years ago

Liferay Portal and Liferay DXP Vulnerable to XSS via the filter_ Prefix GSA_kwCzR0hTQS04bXA5LXc3Z3ItcHZqM84AAvAQ

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.fragment.renderer.collection.filter.impl
High
over 3 years ago

Liferay Portal and Liferay DXP fails to invalidate password reset tokens after use GSA_kwCzR0hTQS12d2o4LTRncmYtM3I4ds4AArKO

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:com.liferay.portal.impl
Moderate
over 3 years ago

Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the currentURL Parameter GSA_kwCzR0hTQS13Mjh2LTg3ZzYtY2pyNs4AArAv

maven com.liferay.portal:release.dxp.bom
High
over 3 years ago

Liferay Portal and Liferay DXP Has Company Administrator Accounts Vulnerable to Takeovers GSA_kwCzR0hTQS01Z2g5LWc2MmgtZjM1bc4AApas

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
over 3 years ago

Liferay Portal Layout Module and Liferay DXP Exposes the Cross-Site Request Forgery (CSRF) Token in URLs GSA_kwCzR0hTQS00ZnJnLXJweDYtOTZxaM4AApaL

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 3 years ago

Liferay Portal Fragment Module and Liferay DXP Vulnerable to Cross-Site Scripting GSA_kwCzR0hTQS03cHhoLXE2anctNnhqOM4AApaW

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 3 years ago

Liferay Portal Journal Module and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) GSA_kwCzR0hTQS1mdmc2LTlyODgtN3c4Nc4AApad

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 3 years ago

Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Document Library module GSA_kwCzR0hTQS12ODhnLTdmeDQtOXE3Zs4AApaP

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.document.library.web
Moderate
over 3 years ago

Liferay Portal and Liferay DXP Don't Check Permissions of Pages GSA_kwCzR0hTQS00NzRmLWNteDUtZ202Oc4AApYV

maven com.liferay.portal:release.portal.bom, com.liferay.portal:release.dxp.bom
Moderate
over 3 years ago

Liferay Portal and Liferay DXP vulnerable to email spam via lack of flagging rate GSA_kwCzR0hTQS13ZzR4LWhmOTQtZmo1ds4AApYl

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.flags.taglib
Moderate
over 3 years ago

Liferay Portal and Liferay DXP Stores User Passwords in Cleartext GSA_kwCzR0hTQS02Yzg4LWd2eHctZjVoZ84AApYt

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 3 years ago

Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Frontend JS module GSA_kwCzR0hTQS1oZ2p2LTd3anItcXdxcM4AApYn

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.frontend.js.aui.web
Moderate
over 3 years ago

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Edit Vocabulary Page GSA_kwCzR0hTQS12cHZtLTN3ZnctNWY1Y84AApYh

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 3 years ago

Liferay Portal and Liferay DXP does not properly check user permission GSA_kwCzR0hTQS0yMndjLTd3bW0tdjRjY84AApYv

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.portlet.configuration.web
High
over 3 years ago

Liferay Portal and Liferay DXP autosaves form data for other users to see GSA_kwCzR0hTQS1meHBmLWpyMnEtdnB2ds4AApYT

maven com.liferay.portal:release.dxp.bom, com.liferay:com.liferay.dynamic.data.mapping.form.web
Moderate
over 3 years ago

Liferay Portal and Liferay DXP Fails to Properly Check User Permissions GSA_kwCzR0hTQS1nMzdmLWo4aGgtNzM2Zs4AApX-

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 3 years ago

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) GSA_kwCzR0hTQS05OTk1LXF2Y2cteDdnNs4AApYE

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 3 years ago

Liferay Portal and Liferay DXP Fails to Check User Permissions for Workflow Submissions GSA_kwCzR0hTQS1nN3hjLW03NjItd2c4Zs4AApX8

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 3 years ago

Liferay Portal and Liferay DXP Allows Arbitrary Redirect of Users to External URLs GSA_kwCzR0hTQS1tajh3LWg1MjItandtOM4AApYH

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 3 years ago

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Membership Request Admin Page GSA_kwCzR0hTQS13Y3I1LTNxOTYtYzJncs4AAohc

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 3 years ago

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the Redirect's Admin Page GSA_kwCzR0hTQS1xY3Y0LWd2NDMtNDk4ds4AAohR

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 3 years ago

Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password GSA_kwCzR0hTQS14eDJoLTJoZjUtdjd2ds4AAohe

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Moderate
over 3 years ago

Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Asset Module Parameter GSA_kwCzR0hTQS05ZzU3LW01dmYtcXA3M84AAoha

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
High
over 3 years ago

Liferay Portal and Liferay DXP Vulnerable to Multiple SQL Injections GSA_kwCzR0hTQS1mOXdqLWM1cGMtZzlyaM4AAohx

maven com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom

Filter by Severity

Moderate 81 Critical 24 High 18