Known Vulnerabilities

Liferay Portal 7.4.3.112 Liferay Portal 7.4.3.112 Liferay DXP 2024.Q1.1 Liferay DXP 2024.Q1.1 Blogs in Liferay Portal and Liferay DXP does not check permission of images in a blog entry, which...

The Document Library and the Adaptive Media modules in Liferay Portal and Liferay DXP uses an incorrect cache-control header, which allows local users to obtain access to downloaded files via the...

Liferay Portal and Liferay DXP stores password reset tokens in plain text, which allows attackers with access to the database to obtain the token, reset a user’s password and take over the user’s...

Liferay Portal 7.0.0 through 7.4.3.97 Liferay DXP 2023.Q3.1 through 2023.Q3.4 Liferay DXP 7.4 Liferay DXP 7.3 GA through U35 And older unsupported versions Liferay Portal 7.4.3.98 Liferay Portal...

Liferay DXP 2024.Q1.1 Liferay Portal 7.4.3.112 Liferay DXP 2023.Q3.6 Liferay DXP 2023.Q4.3 Liferay DXP 7.3 U36 The ComboServlet in Liferay Portal and Liferay DXP does not limit the number or size...

Liferay DXP 7.3 U35 Liferay DXP 2023.Q3.6 Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page in Liferay Portal and Liferay DXP allows remote attackers to inject...

Liferay Portal 7.0.0 through 7.4.3.132 Liferay DXP 2023.Q4.0 through 2023.Q4.1 Liferay DXP 2023.Q3.1 through 2023.Q3.4 Liferay DXP 7.4 GA through update 92 Liferay DXP 7.3 GA through update 35, and...

A memory leak in the headless API for StructuredContents in Liferay Portal and Liferay DXP allows an attacker to cause server unavailability (denial of service) via repeatedly calling the API...

Liferay DXP 2023.Q3.9 Liferay DXP 2023.Q4.8 Cross-Site Request Forgery (CSRF) vulnerability in the server (license) registration page in Liferay Portal and Liferay DXP allows remote attackers to...

Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal and Liferay DXP allows remote attackers to (1) add files to arbitrary locations on the server and (2)...

Liferay DXP 2024.Q1.1 Liferay Portal 7.4.3.112 Liferay DXP 2023.Q3.5 Liferay DXP 2023.Q4.1 Liferay DXP 7.3 U36 This issue was reported by 4rth4s Liferay Portal and Liferay DXP does not limit access...

This issue was reported by milCERT AT and Abderrahmane BOUNHIDJA Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal and Liferay DXP allows remote...

Open redirect vulnerability in page administration in Liferay Portal and Liferay DXP allows remote attackers to redirect users to arbitrary external URLs via the...

Liferay Portal 7.4.3.22 Liferay DXP 7.4 Update 10 Liferay DXP 7.3 Update 26 Liferay Portal 7.0.0 through 7.4.3.21 Liferay DXP 7.4 GA through Update 9 Liferay DXP 7.3 GA through Update 25 Liferay...

Insufficient CSRF protection for omni-administrator users in Liferay Portal and Liferay DXP allows attackers to execute Cross-Site Request Forgery Liferay Portal 7.0.0 through 7.4.3.119 Liferay DXP...

Liferay Portal and Liferay DXP does not limit access to APIs before a user has verified their email address, which allows remote users to access and edit content via the API. Liferay DXP 2023.Q3.1...

Liferay Portal 7.3.1 Severity 2 In Liferay Portal and Liferay DXP the default configuration does not require users to verify their email address, which allows remote attackers to create accounts...

Liferay Portal 7.0.0 - 7.0.6 Liferay Portal 7.1.0 - 7.1.3 Liferay Portal 7.2.0 - 7.2.1 Liferay Portal 7.3.0 - 7.3.7 Liferay Portal 7.4.0 - 7.4.3.4 Liferay Portal 7.4.3.5 Liferay Portal 7.4.3.5...

Liferay Portal 7.0.0 through 7.2.0 does not check if a portlet mode is valid, which allows remote attackers to disable the product menu via supplying an invalid portlet mode in the URL. Severity 2...

Severity 2 The portal property, auth.login.prompt.enabled defaults to true in Liferay Portal 7.0.0 through 7.4.2 which allows attackers to enumerate and discover the existence of screen names, site...

Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1 allows remote attackers to inject arbitrary web script...

Severity 2 The Portal Security module in Liferay Portal 7.2.1 and earlier does not correctly import users from LDAP, which allows remote attackers to prevent a legitimate user from authenticating...

The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6 incorrectly sets default permissions for site members, which allows remote authenticated users with the site member role to add...

Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the output of a...

Liferay Portal 7.2.1 Liferay Portal 7.2.1 In Liferay Portal 7.0.6, 7.1.3, 7.2.0, and possibly earlier unsupported versions, the MembershipRequestService APIs can be used in a denial-of-service...

Severity 2 Cross-site scripting (XSS) vulnerability in the Forms and Workflow module's edit workflow configuration in Liferay Portal 7.0.0 through 7.0.6 allows remote attackers to inject arbitrary...

The Portal Workflow module in Liferay Portal 6.2.2 through 7.3.2, user's passwords are stored in the database if workflow is enabled for new users. This allows attackers with access to the database...

Liferay Portal 7.3.3 The Dynamic Data Mapping module in Liferay Portal 7.3.2 and earlier, do not properly check user permissions, which allows remote attackers with the forms "Access in Site...

Severity 2 The Layout module in Liferay Portal 6.2.0 through 6.2.5, 7.1.0 through 7.3.2 and earlier exposes the CSRF token in URLs, which allows man-in-the-middle attackers to obtain the token and...

Insecure default configuration in Liferay Portal 6.2.3 through 7.3.2, allows remote attackers to enumerate user email addresses via the forgot password functionality. The portal.property...

Liferay Portal 7.3.1 Liferay Portal 7.3.1 May 2021 source patch for Liferay Portal 7.2.1. Details for working with source patches can be found on the Patching Liferay Portal page. There is no fix...

Cross-site scripting (XSS) vulnerability in the asset module in Liferay Portal 7.0.0 through 7.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1)...

Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4 allows remote authenticated users with permission to update/edit users to take over a company administrator user account by...

Severity 2 Cross-site scripting (XSS) vulnerability in the Frontend JS module in Liferay Portal 7.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the title of a...

Severity 2 The Portal Workflow module in Liferay Portal 7.3.2 and earlier, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions...

Severity 2 Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1 allows remote attackers to redirect users to arbitrary external URLs via the 'redirect'...

Severity 2 The Flags module in Liferay Portal 7.3.1 and earlier does not limit the rate at which content can be flagged as inappropriate, which allows remote authenticated users to spam the site...

Cross-site scripting (XSS) vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0 through 7.3.5 allows remote attackers to inject arbitrary web script or...

Severity 2 The Portal Store module in Liferay Portal 7.0.0 through 7.3.5 does not obfuscate the S3 store's proxy password, which allows attackers to steal the proxy password via man-in-the-middle...

The JSON web services in Liferay Portal 7.3.4 and earlier, the JSON web service may contain overly verbose error messages, which allows remote attackers to use the contents of error messages to...

Liferay Portal 7.x before 7.2.1, is vulnerable to Server-Side Request Forgery (SSRF) via DDM REST Data Provider which allows an attacker access to sensitive information. This issue exists because...

Severity 1 In Liferay Portal 7.2.1 and earlier, the 'Test LDAP Connection' feature can be exploited to obtain the LDAP password. Liferay Portal 7.2.1 Liferay Portal 7.2.1 June 2020 source patch for...

Severity 1 Liferay Portal 7.x before 7.3.2, does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data...

Liferay Portal 7.0.0 through 7.0.6 does not properly verify permission when creating pages which may lead to attackers changing portal settings and gaining access to sensitive information. Severity...

Severity 1 Liferay Portal 7.1.0 and earlier is vulnerable to denial-of-service (DoS) attacks via file uploads because of vulnerabilities in Apache Tika. Liferay Portal 7.1.1 Liferay Portal 7.1.1...

Liferay Portal 7.0.3 Liferay Portal 7.0.3 March 2020 source patch for Liferay Portal 6.2.5. Details for working with source patches can be found on the Patching Liferay Portal page. Severity 1 The...

Remote code execution vulnerability in DDM template in Liferay Portal 7.0.0 and earlier allows remote authenticated users with permission to create/edit templates to create templates that can run...

Server side request forgery (SSRF) vulnerability in pingback functionality of blogs in Liferay Portal before 7.1.0 allows remote attackers to send HTTP requests to intranet servers and conduct...

Severity 1 Denial-of-service vulnerability in DDM templates in Liferay Portal before 7.0.1 allows attackers to create templates with an infinite loop via embedded portlets. Liferay Portal 7.0.1...

The BaseBSFPortlet class contains a path traversal vulnerability via URL manipulation. Liferay Portal 7.0 CE does not use the BaseBSFPortlet class out of the box. However, developers extending...

In Liferay Portal 7.1 CE GA4 and earlier, a potential SQL injection vulnerability exist in the asset framework. Severity 1 March 2020 source patch for Liferay Portal 7.1.3. Details for working with...

Severity 1 In Liferay Portal 7.2.0 and earlier contains a remote code execution (RCE) vulnerability via JSON web services (JSONWS).   Workaround: Disable JSONWS by setting the portal.property...

Severity 1 Liferay Portal 7.1.0 and earlier is vulnerable to remote code execution using Web Content/DDM templates. Workaround: Review permissions and do not grant untrusted users permissions to...

Severity 1 Liferay Portal 7.1.0 and earlier is vulnerable to remote code execution (RCE) via deserialization of JSON data. Liferay Portal 7.1.1 Liferay Portal 7.1.1 March 2020 source patch for...

Liferay Portal 7.1.1 March 2020 source patch for Liferay Portal 7.0.6. Details for working with source patches can be found on the Patching Liferay Portal page. March 2020 source patch for Liferay...

The default configuration for Liferay Portal 7.0.0 through 7.1.0 allow attackers to conduct XML External Entity (XXE) attacks via XSL templates in XSL Content and Web Content. Workaround: 1....

Severity 2 Liferay Portal 7.1.0 and earlier is vulnerable to a Server-Side Request Forgery (SSRF) via Web Content templates and Application Display Templates (ADT) which may allow an attacker...

In LIferay Portal 7.0 CE GA7, a theoretical OS command injection vulnerability exists in SendmailHook. Severity 2 Liferay Portal 7.1.0 7.0.6-ce-ga7-security-1.0 patch (source) By default, the...

Severity 2 The CSV files that are exported by Liferay Portal 7.0 CE GA7 (user export, DDL export and Form export) is susceptible to CSV injection if the CSV file is opened by some spreadsheet...

Liferay Portal 7.1.0 7.0.6-ce-ga7-security-1.0 patch (source) Liferay Portal 7.1.0 In Liferay Portal 7.0 CE GA7, A cross-site request forgery (CSRF) vulnerability exist with comments. An attacker...