pkg:Maven/com.liferay.portal:com.liferay.portal.impl
共 18 筆 CVEHIGH4MEDIUM4
✅ 檢查你的版本
所有已知漏洞
HIGH8.8CVE-2021-29050Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery in Terms of Use Page from 0, < 5.25.0
HIGH7.5CVE-2025-62254Liferay Portal ComboServlet denial of service via large file combination from 0, < 97.0.0
HIGH7.5CVE-2021-33322Liferay Portal and Liferay DXP fails to invalidate password reset tokens after use from 0, < 5.7.3
HIGH7.5CVE-2021-33321Liferay Portal and Liferay DXP insecure default configuration from 0, < 5.11.0
MEDIUM5.5CVE-2025-62276Liferay Portal and DXP use an incorrect cache-control header from 0, < 69.1.0
MEDIUM5.3CVE-2022-41414Liferay Portal Insecure Default Configuration in auth.login.prompt.enabled from 0, < 8.0.0
MEDIUM5.3CVE-2020-15840Liferay Portal and Liferay DXP Bypass via Double Encoded URL >= 7.2.0, < 7.4.0
MEDIUM4.3CVE-2022-26595Liferay Portal and Liferay DXP fails to check permissions to view sites/groups from 0, < 7.7.9
—CVE-2025-62261Liferay Portal Stores Password Reset Tokens in Plain Text from 0, < 92.0.2
—CVE-2025-62249Liferay Portal reflected cross-site scripting (XSS) vulnerability in the google_gaget from 0, <= 114.1.0
—CVE-2025-62252Liferay is Vulnerable to Authorization Bypass Through User-Controlled Key from 0, < 99.0.0
—CVE-2025-43813Liferay Portal vulnerable to path traversal and denial-of-service in the ComboServlet from 0, < 96.0.0
—CVE-2025-43809Liferay Portal Cross-Site Request Forgery (CSRF) vulnerability from 0, < 101.0.0
—CVE-2025-43801Liferay Portal has unchecked input for loop condition vulnerability in XML-RPC from 0, < 101.0.0
—CVE-2025-43793Liferay Portal has Improper Validation of Specified Quantity in Input from 0, < 96.0.0
—CVE-2025-43794Liferay Portal has stored cross-site scripting (XSS) vulnerability from 0, < 99.0.0
—CVE-2025-43768Liferay Portal JSONWS API endpoint shares sensitive information from 0, < 108.1.1
—CVE-2025-43735Liferay Portal and Liferay DXP have a reflected cross-site scripting vulnerability >= 7.0.4, < 109.1.0