Known Vulnerabilities for products from Liferay
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Liferay".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-25146 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.3 - MEDIUM | 2022-03-03 | 2022-10-28 |
| CVE-2021-38269 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-03-03 | 2022-05-13 |
| CVE-2021-38268 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2022-03-02 | 2022-10-05 |
| CVE-2021-38267 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-03-03 | 2022-06-16 |
| CVE-2021-38266 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.5 - HIGH | 2022-03-02 | 2022-05-13 |
| CVE-2021-38265 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 5.4 - MEDIUM | 2022-03-03 | 2022-07-30 |
| CVE-2021-38264 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-03-03 | 2022-06-05 |
| CVE-2021-38263 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2022-03-03 | 2022-05-13 |
| CVE-2021-35463 | Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inj... | 6.1 - MEDIUM | 2021-08-04 | 2021-08-11 |
| CVE-2021-33990 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2023-04-16 | 2023-11-07 |
| CVE-2021-33339 | Cross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 through 7.3.4, and Liferay DXP 7.2 be... | 4.8 - MEDIUM | 2021-08-04 | 2021-08-11 |
| CVE-2021-33338 | The Layout module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 6, e... | 7.5 - HIGH | 2021-08-04 | 2021-08-11 |
| CVE-2021-33337 | Cross-site scripting (XSS) vulnerability in the Document Library module's add document menu in Liferay Portal 7.3.0 through 7... | 6.1 - MEDIUM | 2021-08-04 | 2021-08-11 |
| CVE-2021-33336 | Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and ... | 5.4 - MEDIUM | 2021-08-04 | 2021-08-11 |
| CVE-2021-33335 | Privilege escalation vulnerability in Liferay Portal 7.0.3 through 7.3.4, and Liferay DXP 7.1 before fix pack 20, and 7.2 bef... | 7.2 - HIGH | 2021-08-03 | 2022-07-12 |
| CVE-2021-33334 | The Dynamic Data Mapping module in Liferay Portal 7.0.0 through 7.3.2, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix... | 4.3 - MEDIUM | 2021-08-03 | 2021-08-11 |
| CVE-2021-33333 | The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 1... | 6.3 - MEDIUM | 2021-08-03 | 2021-08-11 |
| CVE-2021-33332 | Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Lifer... | 6.1 - MEDIUM | 2021-08-03 | 2021-08-11 |
| CVE-2021-33331 | Open redirect vulnerability in the Notifications module in Liferay Portal 7.0.0 through 7.3.1, and Liferay DXP 7.0 before fix... | 6.1 - MEDIUM | 2021-08-03 | 2021-08-11 |
| CVE-2021-33330 | Liferay Portal 7.2.0 through 7.3.2, and Liferay DXP 7.2 before fix pack 9, allows access to Cross-origin resource sharing (CO... | 4.3 - MEDIUM | 2021-08-03 | 2023-08-08 |
Known software with vulnerabilities from Liferay
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Liferay | Digital Experience Platform | 7.1 |
| Application | Liferay | Dxp | 7.0 |
| Application | Liferay | Liferay Portal | 1.7.5 |