Vulnerabilidades em Liferay
210 resultadosCVE-2025-4388MEDIUMA reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.QEPSS 3.4%CVE-2023-42627CRITICALMultiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP EPSS 2.3%CVE-2023-42628CRITICALStored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 through 7.4.3.87, and Liferay DXP 7.0 fix pack 83EPSS 2.2%CVE-2023-42629CRITICALStored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 EPSS 2.2%CVE-2024-25608MEDIUMHtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 EPSS 1.0%CVE-2023-33950MEDIUMPattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expressions that are EPSS 0.9%CVE-2023-33948MEDIUMThe Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media files which can EPSS 0.7%CVE-2023-33949MEDIUMIn Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email EPSS 0.7%CVE-2024-26265MEDIUMThe Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.EPSS 0.7%CVE-2024-25143MEDIUMThe Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service packEPSS 0.7%CVE-2023-47797CRITICALReflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote aEPSS 0.7%CVE-2023-40191CRITICALReflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and LiEPSS 0.6%CVE-2023-47795CRITICALStored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DEPSS 0.6%CVE-2024-25602CRITICALStored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsuEPSS 0.6%CVE-2023-42496CRITICALReflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and LiferayEPSS 0.6%CVE-2023-42498CRITICALReflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and LifeEPSS 0.6%CVE-2023-33946LOWThe Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate objects in differenEPSS 0.6%CVE-2023-33947LOWThe Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object definition by virEPSS 0.6%CVE-2024-38002CRITICALThe workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, EPSS 0.6%CVE-2024-25146MEDIUMLiferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and oEPSS 0.6%