CVE-2025-62275 Blogs images are visible to unauthenticated users
CVE-2025-62276 Private Cache-Control header for DM and AM file download
CVE-2025-62261 Cleartext storage of password reset tickets
CVE-2025-62262 Email address in LDAP import logs
CVE-2025-62255 Self-XSS with attachment file names in Knowledge Base
CVE-2025-62254 Very large ComboServlet responses
CVE-2025-43816 Memory leak when consuming the headless API for StructuredContents
CVE-2025-43809 CSRF vulnerability with server (license) registration
CVE-2025-62250 Portal fails to verify that messages from the cluster network are trusted
CVE-2025-43799 Change password requirement bypass
CVE-2023-37940 XSS with "Service Class" in Service Access Policy
CVE-2025-62253 Open redirect in page administration
CVE-2025-3526 DoS vulnerability with SessionClicks
CVE-2025-3594 DoS vulnerability with SessionClicks
CVE-2025-43748 Insufficient CSRF protection for omni-administrator actions
CVE-2025-62259 Email address verification bypass
CVE-2023-33949 Users do not have to verify their email address by default
CVE-2022-42132 LDAP credentials exposed in URL
CST-7230 Invalid portlet mode causes product menu to be inaccessible
CST-2022-01 Insecure defaults: auth.login.prompt.enabled
CVE-2022-28978 Stored XSS with user name in site membership
CVE-2021-38263 Reflected XSS with Script page
CVE-2021-38266 DoS vulnerability prevents LDAP users from authenticating
CVE-2021-38268 Site member can add new forms by default
CST-7229 Mail server DoS via MembershipRequestService
CST-7067 Reflected XSS in edit workflow configuration
CVE-2021-29040 Overly verbose JSON web services errors
CVE-2021-29043 S3 store's proxy password visible in System Settings
CVE-2021-29044 Stored XSS with membership request comment
CVE-2021-33320 Flagging content as inappropriate is not rate limited
CVE-2021-33321 Insecure default configuration allows for user enumeration using forgot password
CVE-2021-33322 Password change does not invalidate password reset tokens
CVE-2021-33325 User's unencrypted passwords stored in database
CVE-2021-33326 XSS with the title of a modal window
CVE-2021-33328 Stored XSS with Web Content Structure names and Document Types names in Categories Admin
CVE-2021-33331 Open redirect vulnerability in notifications
CVE-2021-33333 Unauthorized users can view and delete workflow submissions
CVE-2021-33334 Unauthorized users can view forms and form entries
CVE-2021-33335 Non-company admins can edit company admins
CVE-2021-33338 Adding pages exposes CSRF token
CST-7214 LDAP credentials exposed by 'Test LDAP Connection'
CST-7215 SSRF vulnerability via DDM REST Data Provider
CST-7301 DDMDataProvider API leaks REST data provider password
CST-7114 Security vulnerabilities in Apache Tika
CST-7062 Denial-of-service vulnerability with embedded portlets
CST-7063 Pingback vulnerability in blogs
CST-7064 Remote code execution vulnerability in templates
CST-7065 DoS and MiM vulnerabilities in Apache Commons HttpClient
CST-7066 Users without proper permissions can add pages
CST-7061 Path traversal vulnerability in BaseBSFPortlet
CST-7205 Unauthenticated Remote code execution via JSONWS
CST-7113 Remote Code Execution using Web Content/DDM templates
CST-7138 SQL injection in asset framework
CST-7110 Path traversal vulnerability in templates
CST-7111 RCE via JSON deserialization
CST-7109 XXE vulnerability in XSL Content & Web Content
CST-7106 SSRF vulnerability via templates
CST-7054 Blog titles leaked to users without view permission
CST-7055 Open redirect prevention circumvention
CST-7056 Form REST data provider password disclosure
CST-7057 CSRF vulnerability with comments
CST-7058 CSV injection in Forms, DDL and user export
CST-7059 Theoretical OS command injection in SendmailHook
CST-7053 Multiple XSS vulnerabilities in 7.0 CE GA7
CST-7046 Reflected XSS in JSONWS API page
CST-7047 Multiple permission vulnerabilities in 7.0 CE GA6
CST-7048 User information exposure in asset tag API
CST-7049 doAsUserId leaked to third party sites
CST-7050 BREACH attack vulnerability
CST-7051 Remote code execution via Web Proxy application
CST-7052 Multiple CSRF vulnerabilities in 7.0 CE GA6
CST-7043 Local file disclosure via crafted URL
CST-7044 Content spoofing via URL manipulation
CST-7045 SMTP header injection vulnerability via Commons Email
CST-7042 Open redirect vulnerability in Asset Publisher
CST-7039 Password exposure in System Settings
CST-7040 Denial of service vulnerability when using Xuggler
CST-7041 Unauthorized access to system portlets/applications
CST-7038 Multiple permission vulnerabilities in 7.0 CE GA5
CST-7037 Multiple XSS vulnerabilities in 7.0 CE GA5
CST-7034 Multiple permission vulnerabilities in 7.0 CE GA4
CST-7035 Login information exposed in URL
CST-7036 Reminder query answer exposed in shared environments
CST-7033 Multiple XSS vulnerabilities in 7.0 CE GA4
CST-7028 Denial of service vulnerability via crafted URL
CST-7029 Denial of service vulnerability via the editing of a wiki page
CST-7030 Multiple XSS vulnerabilities in 7.0 CE GA4
CST-7031 Velocity/FreeMarker templates do not properly restrict variable usage
CST-7032 Paths to OSGi bundles exposed
CST-7017 Multiple XSS vulnerabilities in 7.0 CE GA3
CST-7018 RCE via TunnelServlet
CST-7019 DoS vulnerability via SessionClicks
CST-7020 XXE vulnerability in Apache Tika
CST-7021 DoS vulnerabilities in Apache Commons FileUpload
CST-7022 Open redirect vulnerability in Search
CST-7023 Password policy circumvention via forgot password
CST-7024 Multiple permission vulnerabilities in 7.0 CE GA3
CST-7025 Password exposure during a data migration
CST-7026 Password exposure in Server Administration
CST-7027 ThreadLocal may leak variables
LPS-67681 Search results include results to which a user should not have access
LPS-67682 Editing a blogs entry may reset the blog entry's permission
LPS-67683 XXE vulnerability in PDFBox
LPS-67684 LDAP credentials exposed in logs
LPS-67679 Certain types of URL can bypass the portal's open redirect prevention
LPS-67676 Reflected XSS in <aui:form> (1)
LPS-67677 Reflected XSS in <aui:form> (2)
LPS-67678 Various inline JavaScript related XSS
LPS-67675 Reflected XSS in Monitoring
LPS-66683 All users are site administrators by default
LPS-66682 CSRF token is persisted in database
LPS-66681 Open redirect vulnerability with Facebook authentication
LPS-66680 Restricted WAB resources may be accessible
LPS-66679 Various permission issues in 7.0.0
LPS-66677 Various XSS issues in 7.0.0