Known Vulnerabilities for products from Liferay

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Liferay".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE	Shortened Description	Severity	Publish Date	Last Modified
CVE-2023-3426	The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not chec...	4.3 - MEDIUM	2023-08-02	2023-08-02
CVE-2022-25146	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new secur...	5.3 - MEDIUM	2022-03-03	2022-10-28
CVE-2021-38269	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new secur...	5.4 - MEDIUM	2022-03-03	2022-05-13
CVE-2021-38268	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new secur...	6.5 - MEDIUM	2022-03-02	2022-10-05
CVE-2021-38267	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new secur...	5.4 - MEDIUM	2022-03-03	2022-06-16
CVE-2021-38266	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new secur...	7.5 - HIGH	2022-03-02	2022-05-13
CVE-2021-38265	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new secur...	5.4 - MEDIUM	2022-03-03	2022-07-30
CVE-2021-38264	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new secur...	6.1 - MEDIUM	2022-03-03	2022-06-05
CVE-2021-38263	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new secur...	6.1 - MEDIUM	2022-03-03	2022-05-13
CVE-2021-35463	Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inj...	6.1 - MEDIUM	2021-08-04	2021-08-11
CVE-2021-33990	RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new secur...	9.8 - CRITICAL	2023-04-16	2023-04-26
CVE-2021-33339	Cross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 through 7.3.4, and Liferay DXP 7.2 be...	4.8 - MEDIUM	2021-08-04	2021-08-11
CVE-2021-33338	The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 6, e...	7.5 - HIGH	2021-08-04	2021-08-11
CVE-2021-33337	Cross-site scripting (XSS) vulnerability in the Document Library module's add document menu in Liferay Portal 7.3.0 through 7...	6.1 - MEDIUM	2021-08-04	2021-08-11
CVE-2021-33336	Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and ...	5.4 - MEDIUM	2021-08-04	2021-08-11
CVE-2021-33335	Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 bef...	7.2 - HIGH	2021-08-03	2022-07-12
CVE-2021-33334	The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix...	4.3 - MEDIUM	2021-08-03	2021-08-11
CVE-2021-33333	The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 1...	6.3 - MEDIUM	2021-08-03	2021-08-11
CVE-2021-33332	Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Lifer...	6.1 - MEDIUM	2021-08-03	2021-08-11
CVE-2021-33331	Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix...	6.1 - MEDIUM	2021-08-03	2021-08-11

Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Liferay

Type	Vendor	Product	Version
Application	Liferay	Digital Experience Platform	7.1
Application	Liferay	Dxp	7.0
Application	Liferay	Liferay Portal	1.7.5

Liferay Sync

apps.apple.com/us/app/liferay-sync/id499558042 Search in App Store

App Store Liferay Sync Business N"499558042 : Liferay Sync

Liferay Portal

Liferay, Inc., is an open-source company that provides free documentation and paid professional service to users of its software. Mainly focused on enterprise portal technology, the company has its headquarters in Diamond Bar, California, United States.

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Known Vulnerabilities for products from Liferay