Known Vulnerabilities for Liferay Portal by Liferay

Listed below are 10 of the newest known vulnerabilities associated with "Liferay Portal" by "Liferay".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2022-25146	The Remote App module in Liferay Portal Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not...	5.3 - MEDIUM	2022-03-03	2022-10-28
CVE-2021-29051	Cross-site scripting (XSS) vulnerability in the Asset module's Asset Publisher app in Liferay Portal 7.2.1 through 7.3.5, and...	6.1 - MEDIUM	2021-05-17	2021-05-25
CVE-2021-29048	Cross-site scripting (XSS) vulnerability in the Layout module's page administration page in Liferay Portal 7.3.4, 7.3.5 and L...	6.1 - MEDIUM	2021-05-17	2021-05-25
CVE-2021-29047	The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAP...	7.5 - HIGH	2021-05-16	2021-05-24
CVE-2021-29046	Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Life...	6.1 - MEDIUM	2021-05-17	2021-05-24
CVE-2021-29045	Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 thr...	6.1 - MEDIUM	2021-05-17	2021-05-24
CVE-2021-29044	Cross-site scripting (XSS) vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0...	6.1 - MEDIUM	2021-05-17	2021-05-24
CVE-2021-29043	The Portal Store module in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21...	5.9 - MEDIUM	2021-05-17	2022-06-28
CVE-2021-29040	The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and...	5.3 - MEDIUM	2021-05-16	2021-05-24
CVE-2021-29039	Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows ...	6.1 - MEDIUM	2021-05-16	2021-05-24

Results limited to 10 most recent vulnerabilities

Known Affected Configurations (CPE V2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Liferay	Liferay Portal	7.3.3	All	All	All
Application	Liferay	Liferay Portal	7.3.2	All	All	All
Application	Liferay	Liferay Portal	7.3.1	All	All	All
Application	Liferay	Liferay Portal	7.3.0	All	All	All
Application	Liferay	Liferay Portal	7.3	ga1	All	All
Application	Liferay	Liferay Portal	7.3	ga2	All	All
Application	Liferay	Liferay Portal	7.2.1	All	All	All
Application	Liferay	Liferay Portal	7.2.0	alpha1	All	All
Application	Liferay	Liferay Portal	7.2.0	alpha1	All	All
Application	Liferay	Liferay Portal	7.2.0	beta1	All	All
Application	Liferay	Liferay Portal	7.2.0	beta1	All	All
Application	Liferay	Liferay Portal	7.2.0	beta2	All	All
Application	Liferay	Liferay Portal	7.2.0	beta2	All	All
Application	Liferay	Liferay Portal	7.2.0	beta3	All	All
Application	Liferay	Liferay Portal	7.2.0	beta3	All	All
Application	Liferay	Liferay Portal	7.2.0	ga1	All	All
Application	Liferay	Liferay Portal	7.2.0	m2	All	All
Application	Liferay	Liferay Portal	7.2.0	milestone2	All	All
Application	Liferay	Liferay Portal	7.2.0	rc1	All	All
Application	Liferay	Liferay Portal	7.2.0	rc2	All	All

Results limited to 20 most recent known configurations