CRITICAL 9.8 CVE-2022-42120 Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Fragment Module
>= 7.3.0, < 7.3.10.u4
CRITICAL 9.8 CVE-2022-42122 Liferay Portal and Liferay DXP Vulnerable to SQL Injection via Friendly URL Module
>= 7.3.10.fp2, < 7.3.10.u4
CRITICAL 9.6 CVE-2024-8980 Liferay Portal and Liferay DXP Vulnerable to CSRF in the Script Console
>= 2023.Q3.1, < 2023.Q3.5
CRITICAL 9.6 Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting
>= 7.4.13.u1, < 7.4.13.u38
CRITICAL 9.6 Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
>= 7.4.10.ep1, <= 7.4.13.u92
CRITICAL 9.6 Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
>= 7.3.0, < 7.3.10.u4
CRITICAL 9.6 Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting
>= 2023.Q3, < 2023.Q3.5
CRITICAL 9.6 Liferay Portal stored cross-site scripting (XSS) vulnerability
>= 7.4.0, < 7.4.3.13u8
CRITICAL 9.6 Liferay Portal and Liferay DXP Vulnerable to XSS in the Commerce Module
>= 7.3.0, <= 7.3.10.u33
CRITICAL 9.6 Liferay Portal and Liferay DXP Vulnerable to XSS via the OAuth2ProviderApplicationRedirect Class
>= 7.4.13.u41, < 7.4.13.u90
CRITICAL 9.6 Liferay Portal and Liferay DXP Vulnerable to Reflected XSS via the Export for Translation Page
>= 7.4.0, < 7.4.13.u86
CRITICAL 9.0 Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions
>= 2023.Q4.0, < 2023.Q4.6
CRITICAL 9.0 Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting
>= 2023.Q3, < 2023.Q3.6
CRITICAL 9.0 Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting
>= 7.4.13.u1, <= 7.4.13.u102
CRITICAL 9.0 Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting
>= 7.4.13.u1, < 7.4.13.u10
CRITICAL 9.0 Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting
>= 7.3.0, < 7.3.10.u4
CRITICAL 9.0 Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting
>= 7.3.0, < 7.3.10.u4
CRITICAL 9.0 Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting
>= 7.3.0, < 7.3.10.u4
CRITICAL 9.0 Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
>= 2023.Q3, < 2023.Q3.6
CRITICAL 9.0 Liferay Portal has a Stored XSS with Blog entries (Insecure defaults)
>= 7.4.0, < 7.4.13.u9
CRITICAL 9.0 Liferay Portal and Liferay DXP Vulnerable to XSS via the Page Tree Menu
>= 7.3.10.fp1, <= 7.3.10.fp23
CRITICAL 9.0 Liferay Portal and Liferay DXP Vulnerable to XSS in the Wiki Widget
>= 7.0.10.fp83, <= 7.0.10.fp102
CRITICAL 9.0 Liferay Portal and Liferay DXP Vulnerable to Stored XSS in the Manage Vocabulary Page
>= 7.4.0, < 7.4.13.u88
CRITICAL 9.0 Liferay Portal and Liferay DXP Vulnerable to XSS in the Fragment Components
>= 7.4.0, < 7.4.13.u54
HIGH 8.8 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor
>= 2023.Q4.0, < 2023.Q4.3
HIGH 8.8 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget
>= 2023.Q4.0, < 2023.Q4.3
HIGH 8.8 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the Content Page Editor
>= 2023.Q4.0, < 2023.Q4.3
HIGH 8.8 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery in Terms of Use Page
>= 7.2.0, < 7.2.10.fp11
HIGH 8.8 Liferay Portal and Liferay DXP Vulnerable to CSRF via the Layout Module
>= 7.4.13.u70, <= 7.4.13.u76
HIGH 8.8 Liferay Portal and Liferay DXP Vulnerable to SQL Injection via the Layout Module
>= 7.1.0, < 7.1.10.fp27
HIGH 8.8 Liferay Portal and Liferay DXP Vulnerable to Multiple SQL Injections
from 0, < 7.3.10.fp1
HIGH 8.8 Liferay Portal and Liferay DXP Vulnerable to Arbitrary Code Execution
>= 7.0.0, < 7.0.10.fp92
HIGH 8.3 Liferay Portal and Liferay DXP Potentially Reveal LDAP Server Password via Unsafe Connection
>= 7.0.0, < 7.0.10.fp89
HIGH 8.1 Liferay Portal defaults to a low work factor for the default password hashing algorithm
>= 7.3.0, < 7.3.10.u4
HIGH 8.1 Liferay Portal vulnerable to user impersonation
>= 7.2.0, < 7.2.10.fp15
HIGH 8.1 Liferay Portal and Liferay DXP have Insecure Deserialization Vulnerability
>= 7.0.0, < 7.0.10.fp90
HIGH 8.0 Liferay Portal has an XXE vulnerability in Java2WsddTask._format
>= 7.3.0, < 7.3.10.u12
HIGH 7.5 Liferay Portal and Liferay DXP fails to invalidate password reset tokens after use
>= 7.0.0, < 7.0.10.fp96
HIGH 7.5 Liferay Portal Layout Module and Liferay DXP Exposes the Cross-Site Request Forgery (CSRF) Token in URLs
>= 7.1.0, < 7.1.10.fp19
HIGH 7.5 Liferay Portal and Liferay DXP autosaves form data for other users to see
>= 7.1.0, < 7.1.10.fp19
HIGH 7.5 Liferay Portal and Liferay DXP Fails to Invalidate CAPTCHA Answers After Use
from 0, < 7.3.10.fp1
HIGH 7.5 Liferay Portal and Liferay DXP fails to properly import users from LDAP
from 0, < 7.3.0-ga1
HIGH 7.2 Liferay Portal and Liferay DXP Has Company Administrator Accounts Vulnerable to Takeovers
>= 7.1.0, < 7.1.10.fp20
MEDIUM 6.5 Liferay Portal and Liferay DXP vulnerable to theft of hashed password
>= 2023.Q3, < 2023.Q3.5
MEDIUM 6.5 Liferay Portal and Liferay DXP Allows Authenticated Users with View Permissions to Edit Permissions
MEDIUM 6.5 Liferay Portal and Liferay DXP Fails to Check Permissions in Translation Module
>= 7.4.13.u8, < 7.4.13.u37
MEDIUM 6.5 Liferay DXP Vulnerable to Denial-of-service (DoS) in the Multi-Factor Authentication Module
from 0, < 7.3.10.fp1
MEDIUM 6.5 Liferay Portal and Liferay DXP Fails to Sanitize API Data
>= 7.0.0, < 7.0.10.fp92
MEDIUM 6.5 Liferay Portal and Liferay DXP has incorrect default permissions for site members
>= 7.0.0, < 7.0.10.fp101
MEDIUM 6.5 Unrestricted Upload of File with Dangerous Type in Liferay Portal and Liferay DXP
from 0, < 7.1.10.fp18
MEDIUM 6.3 Liferay Portal and Liferay DXP Does Not Obfuscate Password Reminder Answers
from 0, < 7.2.10.fp17
MEDIUM 6.3 Liferay Portal and Liferay DXP Fails to Check User Permissions for Workflow Submissions
from 0, < 7.0.10.fp93
MEDIUM 6.1 Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
>= 7.1, < 7.4.13.u39
MEDIUM 6.1 Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes
>= 7.2.10.fp15, <= 7.2.10.fp18
MEDIUM 6.1 Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character
from 0, < 7.2.10.fp19
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page
>= 2023.Q3, < 2023.Q3.6
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module
>= 7.4.13.u70, <= 7.4.13.u76
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module
>= 7.4.13.u70, <= 7.4.13.u73
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module
>= 7.1.0, < 7.1.10.fp27
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to XSS via the Announcements Module
>= 7.1.0, < 7.1.10.fp27
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to XSS in the CKEditor Integration with the Frontend Editor Module
>= 7.3.0, < 7.3.10.u6
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to XSS in the Frontend Taglib Module
>= 7.3.0, < 7.3.10.u6
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to XSS via the Document Library Module
>= 7.4.13.u30, < 7.4.13.u37
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to XSS via the filter_ Prefix
from 0, < 7.4.3.5-ga5
MEDIUM 6.1 Liferay Portal and Liferay DXP HtmlUtil.escapeRedirect Can Be Circumvented
>= 7.0.10.fp91, < 7.0.10.fp101
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to XSS in the Portal Search Module
>= 7.1.0
MEDIUM 6.1 Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the currentURL Parameter
>= 7.0, < 7.0.10.fp99
MEDIUM 6.1 Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Document Library module
>= 7.1.0, < 7.1.10.fp20
MEDIUM 6.1 Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Frontend JS module
>= 7.0.0, < 7.0.10.fp96
MEDIUM 6.1 Liferay Portal and Liferay DXP Allows Arbitrary Redirect of Users to External URLs
>= 7.0.10.fp0, < 7.0.10.fp94
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)
>= 7.1.0, < 7.1.10.fp19
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Asset Module Parameter
>= 7.3.10.fp0, < 7.3.10.fp1
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in the Layout Admin Page
from 0, < 7.2.10.fp11
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Membership Request Admin Page
>= 7.0.10.fp0, < 7.0.10.fp97
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the Redirect's Admin Page
>= 7.3.10.fp0, < 7.3.10.fp1
MEDIUM 6.1 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App
from 0, < 7.1.10.fp21
MEDIUM 6.1 Liferay Portal and Liferay DXP allows arbitrary injection via web content template names
>= 7.0.0, < 7.0.10.fp94
MEDIUM 6.1 Liferay Portal and Liferay DXP allows arbitrary injection via the site name
>= 7.3.0, < 7.3.10.fp3
MEDIUM 6.1 Liferay Portal and Liferay DXP allows arbitrary injection via form field
>= 7.3.0, < 7.3.10.fp3
MEDIUM 6.1 Liferay Portal and Liferay DXP cross-site scripting (XSS) vulnerability via the script console
from 0, <= 7.0
MEDIUM 5.9 Liferay Portal and Liferay DXP Includes LDAP Credentials in the Page URL
>= 7.0.0, <= 7.0.10.fp102
MEDIUM 5.9 Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy Password
from 0, < 7.0.10.fp97
MEDIUM 5.4 Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing
>= 7.3.0, < 7.3.10.u4
MEDIUM 5.4 Liferay Portal and Liferay DXP Does Not Properly Restrict Membership to Child Site Based on Parent Site Options
from 0, < 7.2.10.fp15
MEDIUM 5.4 Liferay Portal's account lockout does not invalidate existing user sessions
>= 7.2.0, < 7.2.10.fp5
MEDIUM 5.4 Liferay Portal and Liferay DXP Vulnerable to XSS via the Sharing Module
>= 7.2.0, < 7.2.10.fp19
MEDIUM 5.4 Liferay Portal and Liferay DXP Vulnerable to XSS via the Commerce Module
>= 7.3.0, < 7.3.10.u8
MEDIUM 5.4 Liferay Portal and Liferay DXP Vulnerable to XSS via the Role Module
>= 7.4.0, < 7.4.13.u37
MEDIUM 5.4 Liferay Portal and Liferay DXP Vulnerable to XSS via the Portal Search Module
>= 7.2.0, < 7.2.10.fp19
MEDIUM 5.4 Liferay Portal and Liferay DXP Vulnerable to XSS in the Site Module
>= 7.0.0, < 7.0.10.fp102
MEDIUM 5.4 Liferay Portal Journal Module and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)
>= 7.1.0, < 7.1.10.fp18
MEDIUM 5.4 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Edit Vocabulary Page
>= 7.0.10.fp0, < 7.0.10.fp96
MEDIUM 5.4 Liferay Portal and Liferay DXP allows arbitrary injection via the name of an asset category
>= 7.3.0, < 7.3.10.fp3
MEDIUM 5.4 Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in the Gogo Shell module
>= 7.1.0, < 7.1.10.fp23
MEDIUM 5.4 Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in edit blog entry page
>= 7.3.0, < 7.3.10.fp2
MEDIUM 5.4 Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS)
from 0, <= 7.3
MEDIUM 5.3 Liferay Portal and Liferay DXP User Enumeration Vulnerability
from 0, < 7.2.10.fp20
MEDIUM 5.3 Liferay Portal and Liferay DXP HTTP Header Can Expose Versions
from 0, < 7.2.10.fp19
MEDIUM 5.3 Liferay Portal and Liferay DXP Allows Templates to be Viewed via the UI or API
from 0, < 7.2.10.fp17
MEDIUM 5.3 Liferay Portal allows attackers to discover the existence of sites
>= 7.3.0, < 7.3.10.u4