Skip to Main Content

Planned maintenance is scheduled for the week of June 15th - the exact date and time will be announced soon. See More Details

Blogs
Contribute
Meet
Security
Discuss
Download
Learn
Log In

Known Vulnerabilities

Sort By

Search Bar

Start filtering with some of the facets on the left, then if you need to, add search keywords below!

Selected Filter

Liferay Portal 7.1 (136)

Affected Releases

LIferay DXP 7.0 (18)
LIferay DXP 7.1 (26)
Liferay DXP 7.2 (26)
Liferay DXP 7.3 (24)
Liferay DXP 7.4 (22)
Liferay DXP 2023.Q3 (18)
Liferay DXP 2023.Q4 (12)
Liferay DXP 2024 Q1 (4)
Liferay Portal 6.2 CE (17)
Liferay Portal 7.0 (50)
Liferay Portal 7.1 (136)
Liferay Portal 7.2 (86)
Liferay Portal 7.3 (61)
Liferay Portal 7.4 (34)

Fixed Versions

Liferay DXP 7.1

Liferay DXP 7.1 fix pack 18 (1)
Liferay DXP 7.1 fix pack 27 (1)

Liferay DXP 7.2

Liferay DXP 7.2 fix pack 5 (1)
Liferay DXP 7.2 fix pack 18 (1)

Liferay DXP 7.3

Liferay DXP 7.3 GA1 (1)
Liferay DXP 7.3 U35 (2)
Liferay DXP 7.3 U36 (5)
Liferay DXP 7.3 update 4 (1)
Liferay DXP 7.3 Update 26 (1)
Liferay DXP 7.3 update 30 (1)
Liferay DXP 7.3 update 34 (1)
Liferay DXP 7.3 Update 35 (1)
Liferay DXP 7.3 update 36 (1)
Liferay DXP 7.3 Update 36 (1)

Liferay DXP 7.4

Liferay DXP 7.4 update 9 (1)
Liferay DXP 7.4 Update 10 (1)
Liferay DXP 7.4 Update 39 (1)
Liferay DXP 7.4 update 88 (2)

Liferay DXP 2023.Q3

Liferay DXP 2023.Q3.1 (1)
Liferay DXP 2023.Q3.5 (7)
Liferay DXP 2023.Q3.6 (2)
Liferay DXP 2023.Q3.9 (2)

Liferay DXP 2023.Q4

Liferay DXP 2023.Q4.0 (4)
Liferay DXP 2023.Q4.1 (3)
Liferay DXP 2023.Q4.3 (1)
Liferay DXP 2023.Q4.6 (1)
Liferay DXP 2023.Q4.8 (1)
Liferay DXP 2023.Q4.9 (1)

Liferay DXP 2024.Q1

Liferay DXP 2024.Q1.1 (13)
Liferay DXP 2024.Q1.6 (3)
Liferay DXP 2024.Q1.7 (1)

Liferay DXP 2024.Q2

Liferay DXP 2024.Q2.0 (5)

Liferay DXP 2024.Q3

Liferay DXP 2024.Q3.0 (1)

Liferay DXP 2024.Q4

Liferay DXP 2024.Q4.0 (1)

Liferay Portal 7.1

Liferay Portal 7.1.1 (15)
Liferay Portal 7.1.2 (7)
Liferay Portal 7.1.3 (10)

Liferay Portal 7.2

Liferay Portal 7.2.1 (17)

Liferay Portal 7.3

Liferay Portal 7.3.0 (1)
Liferay Portal 7.3.1 (4)
Liferay Portal 7.3.2 (5)
Liferay Portal 7.3.3 (10)
Liferay Portal 7.3.4 (1)
Liferay Portal 7.3.5 (4)
Liferay Portal 7.3.6 (2)
Liferay Portal 7.3.7 (2)

Liferay Portal 7.4

Liferay Portal 7.4.1 (1)
Liferay Portal 7.4.2 (1)
Liferay Portal 7.4.3.4 (5)
Liferay Portal 7.4.3.5 (4)
Liferay Portal 7.4.3.13 (1)
Liferay Portal 7.4.3.22 (1)
Liferay Portal 7.4.3.39 (1)
Liferay Portal 7.4.3.88 (2)
Liferay Portal 7.4.3.98 (2)
Liferay Portal 7.4.3.100 (1)
Liferay Portal 7.4.3.102 (2)
Liferay Portal 7.4.3.110 (1)
Liferay Portal 7.4.3.112 (6)
Liferay Portal 7.4.3.113 (1)
Liferay Portal 7.4.3.120 (4)

Liferay Portal 7.4.3

Liferay Portal 7.4.3.4 (5)
Liferay Portal 7.4.3.5 (4)
Liferay Portal 7.4.3.13 (1)
Liferay Portal 7.4.3.22 (1)
Liferay Portal 7.4.3.39 (1)
Liferay Portal 7.4.3.88 (2)
Liferay Portal 7.4.3.98 (2)
Liferay Portal 7.4.3.100 (1)
Liferay Portal 7.4.3.102 (2)
Liferay Portal 7.4.3.110 (1)
Liferay Portal 7.4.3.112 (6)
Liferay Portal 7.4.3.113 (1)
Liferay Portal 7.4.3.120 (4)

Liferay DXP 7.1 fix pack 18 (1)
Liferay DXP 7.1 fix pack 27 (1)
Liferay DXP 7.2 fix pack 5 (1)
Liferay DXP 7.2 fix pack 18 (1)
Liferay DXP 7.3 GA1 (1)
Liferay DXP 7.3 U35 (2)
Liferay DXP 7.3 U36 (5)
Liferay DXP 7.3 update 4 (1)
Liferay DXP 7.3 Update 26 (1)
Liferay DXP 7.3 update 30 (1)
Liferay DXP 7.3 update 34 (1)
Liferay DXP 7.3 Update 35 (1)
Liferay DXP 7.3 update 36 (1)
Liferay DXP 7.3 Update 36 (1)
Liferay DXP 7.4 update 9 (1)
Liferay DXP 7.4 Update 10 (1)
Liferay DXP 7.4 Update 39 (1)
Liferay DXP 7.4 update 88 (2)
Liferay DXP 2023.Q3.1 (1)
Liferay DXP 2023.Q3.5 (7)
Liferay DXP 2023.Q3.6 (2)
Liferay DXP 2023.Q3.9 (2)
Liferay DXP 2023.Q4.0 (4)
Liferay DXP 2023.Q4.1 (3)
Liferay DXP 2023.Q4.3 (1)
Liferay DXP 2023.Q4.6 (1)
Liferay DXP 2023.Q4.8 (1)
Liferay DXP 2023.Q4.9 (1)
Liferay DXP 2024.Q1.1 (13)
Liferay DXP 2024.Q1.6 (3)
Liferay DXP 2024.Q1.7 (1)
Liferay DXP 2024.Q2.0 (5)
Liferay DXP 2024.Q3.0 (1)
Liferay DXP 2024.Q4.0 (1)
Liferay Portal 7.1.1 (15)
Liferay Portal 7.1.2 (7)
Liferay Portal 7.1.3 (10)
Liferay Portal 7.2.1 (17)
Liferay Portal 7.3.0 (1)
Liferay Portal 7.3.1 (4)
Liferay Portal 7.3.2 (5)
Liferay Portal 7.3.3 (10)
Liferay Portal 7.3.4 (1)
Liferay Portal 7.3.5 (4)
Liferay Portal 7.3.6 (2)
Liferay Portal 7.3.7 (2)
Liferay Portal 7.4.1 (1)
Liferay Portal 7.4.2 (1)
Liferay Portal 7.4.3.4 (5)
Liferay Portal 7.4.3.5 (4)
Liferay Portal 7.4.3.13 (1)
Liferay Portal 7.4.3.22 (1)
Liferay Portal 7.4.3.39 (1)
Liferay Portal 7.4.3.88 (2)
Liferay Portal 7.4.3.98 (2)
Liferay Portal 7.4.3.100 (1)
Liferay Portal 7.4.3.102 (2)
Liferay Portal 7.4.3.110 (1)
Liferay Portal 7.4.3.112 (6)
Liferay Portal 7.4.3.113 (1)
Liferay Portal 7.4.3.120 (4)

Liferay Portal 7.4.3.112 Liferay Portal 7.4.3.112 Liferay DXP 2024.Q1.1 Liferay DXP 2024.Q1.1 Blogs in Liferay Portal and Liferay DXP does not check permission of images in a blog entry, which...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4
The Document Library and the Adaptive Media modules in Liferay Portal and Liferay DXP uses an incorrect cache-control header, which allows local users to obtain access to downloaded files via the...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4
By default, Liferay Portal and Liferay DXP is vulnerable to DNS rebinding attacks, which allows remote attackers to redirect users to arbitrary external URLs. This vulnerability can be mitigated by...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4 Liferay DXP 2024 Q1
Password enumeration vulnerability in Liferay Portal and Liferay DXP allows remote attackers to determine a user’s password even if account lockout is enabled via brute force attack. Liferay...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4 Liferay DXP 2024 Q1
Liferay Portal and Liferay DXP stores password reset tokens in plain text, which allows attackers with access to the database to obtain the token, reset a user’s password and take over the user’s...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3
Liferay Portal 7.0.0 through 7.4.3.97 Liferay DXP 2023.Q3.1 through 2023.Q3.4 Liferay DXP 7.4 Liferay DXP 7.3 GA through U35 And older unsupported versions Liferay Portal 7.4.3.98 Liferay Portal...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3
Liferay DXP 2024.Q1.1 Liferay Portal 7.4.3.112 Liferay DXP 2023.Q3.6 Liferay DXP 2023.Q4.3 Liferay DXP 7.3 U36 The ComboServlet in Liferay Portal and Liferay DXP does not limit the number or size...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4
Liferay DXP 7.3 U35 Liferay DXP 2023.Q3.6 Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page in Liferay Portal and Liferay DXP allows remote attackers to inject...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3
Liferay Portal 7.0.0 through 7.4.3.132 Liferay DXP 2023.Q4.0 through 2023.Q4.1 Liferay DXP 2023.Q3.1 through 2023.Q3.4 Liferay DXP 7.4 GA through update 92 Liferay DXP 7.3 GA through update 35, and...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4
A memory leak in the headless API for StructuredContents in Liferay Portal and Liferay DXP allows an attacker to cause server unavailability (denial of service) via repeatedly calling the API...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4 Liferay DXP 2024 Q1
Liferay Portal 7.4.3.113 Liferay DXP 2024.Q2.0 Liferay DXP 2024.Q1.1 Liferay DXP 2023.Q4.9 Liferay Portal 7.2.0 through 7.4.3.112 Liferay DXP 2023.Q4.0 through 2023.Q4.8 Liferay DXP 2023.Q3.1...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4
Liferay DXP 2023.Q3.9 Liferay DXP 2023.Q4.8 Cross-Site Request Forgery (CSRF) vulnerability in the server (license) registration page in Liferay Portal and Liferay DXP allows remote attackers to...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 Liferay Portal 6.2 CE LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4
Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal and Liferay DXP allows remote attackers to (1) add files to arbitrary locations on the server and (2)...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 Liferay Portal 6.2 CE LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 LIferay DXP 7.0
Liferay Portal 7.4.0 through 7.4.3.38 Liferay DXP 7.4 GA through Update 38 Liferay Portal 7.4.3.39 Liferay Portal 7.4.3.39 Liferay DXP 7.4 Update 39 Liferay DXP 7.4 Update 39 This issue was...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4
Liferay DXP 2024.Q1.1 Liferay Portal 7.4.3.112 Liferay DXP 2023.Q3.5 Liferay DXP 2023.Q4.1 Liferay DXP 7.3 U36 This issue was reported by 4rth4s Liferay Portal and Liferay DXP does not limit access...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4
Liferay DXP 2023.Q3.9 This issue was reported by foobar7 Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal and Liferay DXP allow remote authenticated users to inject...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4
Open redirect vulnerability in the System Settings in Liferay Portal and Liferay DXP allows remote attackers to redirect users to arbitrary external URLs via the...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 Liferay DXP 2023.Q3
This issue was reported by milCERT AT and Abderrahmane BOUNHIDJA Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal and Liferay DXP allows remote...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0
Open redirect vulnerability in page administration in Liferay Portal and Liferay DXP allows remote attackers to redirect users to arbitrary external URLs via the...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3
Liferay Portal 7.4.3.22 Liferay DXP 7.4 Update 10 Liferay DXP 7.3 Update 26 Liferay Portal 7.0.0 through 7.4.3.21 Liferay DXP 7.4 GA through Update 9 Liferay DXP 7.3 GA through Update 25 Liferay...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 Liferay Portal 6.2 CE LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0
Insufficient CSRF protection for omni-administrator users in Liferay Portal and Liferay DXP allows attackers to execute Cross-Site Request Forgery Liferay Portal 7.0.0 through 7.4.3.119 Liferay DXP...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 Liferay Portal 6.2 CE LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0 Liferay DXP 2023.Q3 Liferay DXP 2023.Q4 Liferay DXP 2024 Q1
Liferay Portal and Liferay DXP does not limit access to APIs before a user has verified their email address, which allows remote users to access and edit content via the API. Liferay DXP 2023.Q3.1...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 LIferay DXP 7.0 Liferay DXP 2023.Q3
Severity 1 Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal and Liferay DXP allows remote attackers to inject arbitrary web script or HTML into a parent wiki...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4 LIferay DXP 7.0
Liferay Portal 7.3.1 Severity 2 In Liferay Portal and Liferay DXP the default configuration does not require users to verify their email address, which allows remote attackers to create accounts...

Releases: Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 LIferay DXP 7.1 Liferay DXP 7.2 LIferay DXP 7.0
Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal and Liferay DXP allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 LIferay DXP 7.1 Liferay DXP 7.2 Liferay DXP 7.3 Liferay DXP 7.4
Liferay Portal 7.3.1 Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal, and Liferay DXP allows remote attackers to inject arbitrary web script or HTML...

Releases: Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 LIferay DXP 7.1 Liferay DXP 7.2
Liferay Portal 7.0.0 - 7.0.6 Liferay Portal 7.1.0 - 7.1.3 Liferay Portal 7.2.0 - 7.2.1 Liferay Portal 7.3.0 - 7.3.7 Liferay Portal 7.4.0 - 7.4.3.4 Liferay Portal 7.4.3.5 Liferay Portal 7.4.3.5...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0
The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.2 does not validate HTTPS certificates used with DDMRESTDataProvider, which allows man-in-the-middle attackers to impersonate,...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1
Severity 2 The Dynamic Data Mapping module in Liferay Portal 7.1.0 through 7.4.3.4 does not properly check permission of form entries, which allows remote authenticated users to view and access all...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1
Severity 2 SQL injection vulnerability in the Layout module's page template upgrade process in Liferay Portal 7.1.3 through 7.4.3.4 allows remote authenticated attackers to execute arbitrary SQL...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1
Severity 2 Cross-site scripting (XSS) vulnerability in the Portal Search module's Tag Facet widget in Liferay Portal 7.1.0 through 7.4.2 allows remote attackers to inject arbitrary web script or...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1
Severity 2 Cross-site scripting (XSS) vulnerability in the Announcements module's Announcement and Alerts management page in Liferay Portal 7.1.0 through 7.4.2 allows remote attackers to inject...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1
Liferay Portal 7.0.0 through 7.2.0 does not check if a portlet mode is valid, which allows remote attackers to disable the product menu via supplying an invalid portlet mode in the URL. Severity 2...

Releases: Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0
Severity 2 The portal property, auth.login.prompt.enabled defaults to true in Liferay Portal 7.0.0 through 7.4.2 which allows attackers to enumerate and discover the existence of screen names, site...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0
Liferay Portal 7.4.3.4 January 2022 source patch for Liferay Portal 7.3.7. Details for working with source patches can be found on the Patching Liferay Portal page. There is no fix available for...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1
Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1 allows remote attackers to inject arbitrary web script...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0
Severity 2 The Portal Security module in Liferay Portal 7.2.1 and earlier does not correctly import users from LDAP, which allows remote attackers to prevent a legitimate user from authenticating...

Releases: Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 Liferay Portal 6.2 CE
The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.6 incorrectly sets default permissions for site members, which allows remote authenticated users with the site member role to add...

Releases: Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0
Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the output of a...

Releases: Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1 Liferay Portal 7.0 Liferay Portal 6.2 CE
Liferay Portal 7.3.7 Liferay Portal 7.3.7 Liferay Portal 7.4.1 August 2021 source patch for Liferay Portal 7.2.1. Details for working with source patches can be found on the Patching Liferay Portal...

Releases: Liferay Portal 7.4 Liferay Portal 7.3 Liferay Portal 7.2 Liferay Portal 7.1

20 Entries per Page
40 Entries per Page
60 Entries per Page

Showing 1 to 40 of 136 entries.

1
2
3
4

Found a Bug?

If you have found, or think you have found a bug, help us to help you by letting us know!

Learn More >

Found a Security Vulnerability?

There's a different process available if you have a security issue to report...

Learn More >

Hall of Fame!

Raise your profile - report security vulnerabilities and enter the Hall of Fame!

Learn More >

Community

Company

Feedback

Blogs

Discuss

Meet

Open Source

Download

Events

Learn

Careers

Contact Us

Contribute

Copyright © 2026 Liferay, Inc

Powered by Liferay™

This Website Uses Cookies

This website uses cookies and similar tools, some of which are provided by third parties (together “tools”). These tools enable us and the third parties to access and record certain user-related and activity data and to track your interactions with this website. These tools and the information collected are used to operate and secure this website, enhance performance, enable certain website features and functionality, analyze and improve website performance, and personalize user experience. If you click "Accept All”, you allow the deployment of all these tools and collection of the information by us and the third parties for all these purposes. If you click “Decline All” your IP address and other information may still be collected but only by tools (including third party tools) that are necessary to operate, secure and enable default website features and functionalities. Review and change your preferences by clicking the “Configurations” at any time. Visit our Privacy Policy