CVE-2025-43809 CSRF vulnerability with server (license) registration
CVE-2025-3526 DoS vulnerability with SessionClicks
CVE-2025-3594 DoS vulnerability with SessionClicks
CVE-2025-43748 Insufficient CSRF protection for omni-administrator actions
CVE-2024-8980 Mitigate against simple XSS attacks against script console
CVE-2021-38263 Reflected XSS with Script page
CVE-2021-38266 DoS vulnerability prevents LDAP users from authenticating
CVE-2021-33320 Flagging content as inappropriate is not rate limited
CVE-2021-33321 Insecure default configuration allows for user enumeration using forgot password
CVE-2021-33325 User's unencrypted passwords stored in database
CVE-2021-33338 Adding pages exposes CSRF token
CST-7114 Security vulnerabilities in Apache Tika
CST-6237 Password disclosure through IFrame portlet
CST-6238 Remote file disclosure with DDM templates
CST-6239 Denial-of-service vulnerability with file uploads
CST-6240 User with impersonate permission can elevate privileges to portal administrator
CST-7062 Denial-of-service vulnerability with embedded portlets
CST-7063 Pingback vulnerability in blogs
CST-7064 Remote code execution vulnerability in templates
CST-7065 DoS and MiM vulnerabilities in Apache Commons HttpClient
CST-7205 Unauthenticated Remote code execution via JSONWS
CST-7113 Remote Code Execution using Web Content/DDM templates
CST-7138 SQL injection in asset framework
CST-7110 Path traversal vulnerability in templates
CST-7111 RCE via JSON deserialization
CST-7106 SSRF vulnerability via templates
CST-7046 Reflected XSS in JSONSWS API page
CST-7048 User information exposure in asset tag API
CST-7049 doAsUserId leaked to third party sites
CST-7050 BREACH attack vulnerability
CST-7051 Remote code execution via Web Proxy application
CST-7043 Local file disclosure via crafted URL
CST-7044 Content spoofing via URL manipulation
CST-7040 Denial of service vulnerability when using Xuggler
CST-7035 Login information exposed in URL
CST-7036 Reminder query answer exposed in shared environments
CST-7028 Denial of service vulnerability via crafted URL
CST-7029 Denial of service vulnerability via the editing of a wiki page
CST-7031 Velocity/FreeMarker templates do not properly restrict variable usage
CST-6233 Page configuration information disclosure
CST-6234 Insufficient permission checking in Message Board and Comments
CST-6235 User credentials appear in logs
CST-6236 Various XSS issues in 6.2.5 (Part 2)
CST-7018 RCE via TunnelServlet
CST-7019 DoS vulnerability via SessionClicks
CST-7021 DoS vulnerabilities in Apache Commons FileUpload
CST-7022 Open redirect vulnerability in Search
CST-7023 Password policy circumvention via forgot password
CST-7026 Password exposure in Server Administration
CST-7027 ThreadLocal may leak variables
LPS-67681 Search results include results to which a user should not have access
LPS-67682 Editing a blogs entry may reset the blog entry's permission
LPS-67683 XXE vulnerability in PDFBox
LPS-66683 All users are site administrators by default
LPS-66682 CSRF token is persisted in database
LPS-66681 Open redirect vulnerability with Facebook authentication
LPS-64547 Remote code execution and privilege escalation in templates
LPS-64444 Digest authentication does not respect password policies
LPS-64443 Password reminder answer disclosure
LPS-64442 Open redirect vulnerability
LPS-64441 Java Serialization Vulnerability
LPS-64440 Various XSS issues in 6.2.5
LPS-64438 Various permission issues in 6.2.5
LPS-58018 XSL Content portlet can be configured with any XML/XSL
LPS-58015 CSRF attack using uploaded flash files
LPS-58014 XXE vulnerability in OpenID authentication
LPS-57597 Path traversal vulnerability with plugins
LPS-57595 Email header injection vulnerability
LPS-57582 Various permission issues in 6.2.3
LPS-57553 Old password reset links are not invalidated
LPS-57552 DoS and information leak vulnerability with GenericPortlet
LPS-57532 Various XSS issues in 6.2.3
LPS-54386 XML external entity (XXE) processing vulnerability in 6.2.2
LPS-54384 User enumeration with Sign In portlet in 6.2.2
LPS-54382 Insecure handling of authentication information in 6.2.2
LPS-54306 Incorrect permission checking in 6.2.2
LPS-54303 Various XSS issues in 6.2.2
LPS-51061 HTTP host header manipulation
LPS-51094 Various XSS issues in 6.2.1 (Part 4)
LPS-48667 Multiple unvalidated redirects in 6.2.1
LPS-48763 Guest users can obtain list of sites and workflow definition
LPS-48071 Various XSS issues in 6.2.1 (Part 3)
LPS-47460 - Struts 1 Classloader manipulation (Generic fix)
LPS-47428 Various XSS issues in 6.2.1 (Part 2)
LPS-47093 CVE-2014-0050 DoS using Apache Commons FileUpload
LPS-46552 - Struts 1 Classloader manipulation
LPS-45661 Various XSS issues in 6.2.1
LPS-43809 Various XSS Issues in Liferay Portal 6.2.0