Saltar al contenido principal

Blogs
Feedback
Help
Meet
Known Vulnerabilities
Discuss
Download
Learn
Log In

Known Vulnerabilities

Ordenar por

Barra de búsqueda

Start filtering with some of the facets on the left, then if you need to, add search keywords below!

Selected Filter

LIferay DXP 7.1 (33)

Affected Releases

LIferay DXP 7.0 (19)
LIferay DXP 7.1 (33)
Liferay DXP 7.2 (33)
Liferay DXP 7.3 (31)
Liferay DXP 7.4 (29)
Liferay DXP 2023.Q3 (25)
Liferay DXP 2023.Q4 (17)
Liferay DXP 2024 Q1 (6)
Liferay Portal 6.2 CE (5)
Liferay Portal 7.0 (17)
Liferay Portal 7.1 (26)
Liferay Portal 7.2 (30)
Liferay Portal 7.3 (30)
Liferay Portal 7.4 (31)

Blogs in Liferay Portal and Liferay DXP does not check permission of images in a blog entry, which allows remote attackers to view the images in a blog entry via crafted URL. Liferay Portal 7.4.0...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4
Liferay Portal 7.4.3.112 Liferay DXP 2024.Q1.1 The Document Library and the Adaptive Media modules in Liferay Portal and Liferay DXP uses an incorrect cache-control header, which allows local...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4
By default, Liferay Portal and Liferay DXP is vulnerable to DNS rebinding attacks, which allows remote attackers to redirect users to arbitrary external URLs. This vulnerability can be mitigated by...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4 Liferay DXP 2024 Q1
Password enumeration vulnerability in Liferay Portal and Liferay DXP allows remote attackers to determine a user’s password even if account lockout is enabled via brute force attack. Liferay Portal...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4 Liferay DXP 2024 Q1
CSRF vulnerability in Headless API in Liferay Portal and Liferay DXP allows remote attackers to execute any Headless API via the `endpoint` parameter. Liferay Portal 7.4.0 through 7.4.3.107 Liferay...

Releases: Liferay Portal 7.4 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Liferay DXP 2023.Q3
Liferay Portal and Liferay DXP stores password reset tokens in plain text, which allows attackers with access to the database to obtain the token, reset a user’s password and take over the user’s...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3
Information exposure through log file vulnerability in LDAP import feature in Liferay Portal and Liferay DXP allows local users to view user email address in the log files. Liferay Portal 7.0.0...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3
The ComboServlet in Liferay Portal and Liferay DXP does not limit the number or size of the files it will combine, which allows remote attackers to create very large responses that lead to a denial...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4
Liferay Portal 7.4.0 through 7.4.3.101, and older unsupported versions Liferay DXP 2023.Q3.1 through 2023.Q3.5 Liferay DXP 7.4 GA through U92 Liferay DXP 7.3 GA through U34, and older unsupported...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3
Liferay Portal fixed on master branch Liferay DXP 2024.Q1.1 Liferay DXP 2023.Q4.1 Liferay DXP 2023.Q3.5 Liferay DXP 7.3 update 36 Improper Authentication in Liferay Portal and Liferay DXP allows...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4
Liferay Portal 7.4.3.120 Liferay DXP 2024.Q1.6 Liferay DXP 2024.Q2.0 Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions Liferay DXP 2023.Q3.1 through 2023.Q3.10 Liferay DXP...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4 Liferay DXP 2024 Q1
In Liferay Portal and Liferay DXP the audit events records a user’s password reminder answer, which allows remote authenticated users to obtain a user’s password reminder answer via the audit...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4
Cross-Site Request Forgery (CSRF) vulnerability in the server (license) registration page in Liferay Portal and Liferay DXP allows remote attackers to register a server license via the 'orderUuid'...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 Liferay Portal 6.2 CE LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4
Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal and Liferay DXP allows remote attackers to (1) add files to arbitrary locations on the server and (2)...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 Liferay Portal 6.2 CE LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 LIferay DXP 7.0
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal and Liferay DXP allows remote attackers to execute arbitrary web script or HTML via Dispatch name field. Liferay Portal 7.4.0...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4
Liferay Portal and Liferay DXP does not limit access to APIs before a user has changed their initial password, which allows remote users to access and edit content via the API. Liferay Portal...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4
Liferay Portal 7.4.3.112 Liferay DXP 2024.Q2.0 Liferay DXP 2024.Q1.1 Liferay DXP 2023.Q4.6 Liferay DXP 2023.Q3.9 Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions Liferay DXP...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4
Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal and Liferay DXP allows remote attackers to view contact information, including the contact’s...

Releases: Liferay Portal 7.4 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4
This issue was reported by foobar7 Insecure Direct Object Reference (IDOR) vulnerability with audit events in Liferay Portal and Liferay DXP allows remote authenticated users to from one virtual...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4 Liferay DXP 2024 Q1
This issue was reported by argon21 Stored cross-site scripting (XSS) vulnerabilities in Web Content translation in Liferay Portal and Liferay DXP allow remote attackers to inject arbitrary web...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4 Liferay DXP 2024 Q1
Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal and Liferay DXP allow remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4
Liferay Portal 7.4.3.112 Liferay DXP 2024.Q1.1 Liferay DXP 2023.Q3.9 This issue was reported by foobar7 Cross-site scripting (XSS) vulnerability in the Blogs widget in Liferay Portal and Liferay...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4
Liferay Portal 7.1.0 through 7.4.3.101 Liferay DXP 2023.Q3.0 through 2023.Q3.4 Liferay DXP 7.4 GA thorugh U92 Liferay DXP 7.3 GA thorugh U35, and older unsupported versions Liferay Portal...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Liferay DXP 2023.Q3
Liferay Portal 7.4.3.88 Liferay DXP 2023.Q3.1 Liferay DXP 7.4 update 88 Liferay DXP 7.3 update 30 This issue was reported by milCERT AT and Abderrahmane BOUNHIDJA Cross-site scripting (XSS)...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0
Open redirect vulnerability in page administration in Liferay Portal and Liferay DXP allows remote attackers to redirect users to arbitrary external URLs via the...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3
Liferay Portal 7.4.3.22 Liferay DXP 7.4 Update 10 Liferay DXP 7.3 Update 26 SessionClicks in Liferay Portal and Liferay DXP does not restrict the saving of request parameters in the HTTP session,...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 Liferay Portal 6.2 CE LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0
Insufficient CSRF protection for omni-administrator users in Liferay Portal and Liferay DXP allows attackers to execute Cross-Site Request Forgery Liferay Portal 7.4.3.120 Liferay DXP 2024.Q2.0...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 Liferay Portal 6.2 CE LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4 Liferay DXP 2024 Q1
Severity 1 The Script Console in Liferay Portal and Liferay DXP does not sufficiently protect against Cross-Site Request Forgery (CSRF) attacks, which allows remote attackers to execute arbitrary...

Releases: Liferay Portal 7.4 Liferay Portal 6.2 CE LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3
Liferay Portal and Liferay DXP does not limit access to APIs before a user has verified their email address, which allows remote users to access and edit content via the API. Liferay DXP 2023.Q3.1...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 LIferay DXP 7.0 Liferay DXP 2023.Q3
Severity 1 Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal and Liferay DXP allows remote attackers to inject arbitrary web script or HTML into a parent wiki...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0
Liferay DXP 7.3 GA1 Liferay Portal 7.3.1 In Liferay Portal and Liferay DXP the default configuration does not require users to verify their email address, which allows remote attackers to create...

Releases: Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 LIferay DXP 7.0
Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal and Liferay DXP allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4
Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal, and Liferay DXP allows remote attackers to inject arbitrary web script or HTML via a crafted payload...

Releases: Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 LIferay DXP 7.1 Liferay DXP 7.2

20 Elementos por página
40 Elementos por página
60 Elementos por página

Mostrando el intervalo 1 - 33 de 33 resultados.

1

Found a Bug?

If you have found, or think you have found a bug, help us to help you by letting us know!

Learn How >

Found a Security Vulnerability?

There's a different process available if you have a security issue to report...

Learn How >

Hall of Fame!

Raise your profile - report security vulnerabilities and enter the Hall of Fame!

Learn How >

Community

Company

Feedback

Blogs

Discuss

Meet

Open Source

Download

Events

Learn

Careers

Contact Us

Feedback

Help

Copyright © 2026 Liferay, Inc

Powered by Liferay™

Este sitio web utiliza cookies

Usamos cookies para mostrar contenidos personalizados, analizar tendencias, administrar el sitio, llevar un seguimiento de los movimientos de los usuarios en el sitio y recopilar información demográfica sobre nuestra base de usuarios en su conjunto. Acepte todas las cookies para disfrutar de la mejor experiencia posible en nuestro sitio web, o bien administre sus preferencias. Consulte la Política de privacidad