Known Vulnerabilities for products from Liferay
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Liferay".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-44311 json | Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationR... | 6.1 - MEDIUM | 2023-10-17 | 2023-10-24 |
| CVE-2023-44310 json | Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 ... | 5.4 - MEDIUM | 2023-10-17 | 2023-10-24 |
| CVE-2023-44309 json | Multiple stored cross-site scripting (XSS) vulnerabilities in the fragment components in Liferay Portal 7.4.2 through 7.4.3.5... | 5.4 - MEDIUM | 2023-10-17 | 2023-10-24 |
| CVE-2023-42629 json | Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and L... | 5.4 - MEDIUM | 2023-10-17 | 2023-11-10 |
| CVE-2023-42628 json | Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 through 7.4.3.87, and Liferay DXP ... | 5.4 - MEDIUM | 2023-10-17 | 2023-11-10 |
| CVE-2023-42627 json | Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, a... | 5.4 - MEDIUM | 2023-10-17 | 2023-11-10 |
| CVE-2023-42497 json | Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3... | 6.1 - MEDIUM | 2023-10-17 | 2023-10-23 |
| CVE-2023-35030 json | Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7... | 8.8 - HIGH | 2023-06-15 | 2023-06-22 |
| CVE-2023-35029 json | Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay... | 6.1 - MEDIUM | 2023-06-15 | 2023-06-22 |
| CVE-2023-33950 json | Pattern Redirects in Liferay Portal 7.4.3.48 through 7.4.3.76, and Liferay DXP 7.4 update 48 through 76 allows regular expres... | 7.5 - HIGH | 2023-05-24 | 2023-05-31 |
| CVE-2023-33949 json | In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to veri... | 7.5 - HIGH | 2023-05-24 | 2023-05-31 |
| CVE-2023-33948 json | The Dynamic Data Mapping module in Liferay Portal 7.4.3.67, and Liferay DXP 7.4 update 67 does not limit Document and Media f... | 7.5 - HIGH | 2023-05-24 | 2023-06-01 |
| CVE-2023-33947 json | The Object module in Liferay Portal 7.4.3.4 through 7.4.3.60, and Liferay DXP 7.4 before update 61 does not segment object de... | 4.3 - MEDIUM | 2023-05-24 | 2023-06-01 |
| CVE-2023-33946 json | The Object module in Liferay Portal 7.4.3.4 through 7.4.3.48, and Liferay DXP 7.4 before update 49 does properly isolate obje... | 4.3 - MEDIUM | 2023-05-24 | 2023-06-01 |
| CVE-2023-33945 json | SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7... | 8.1 - HIGH | 2023-05-24 | 2023-06-02 |
| CVE-2023-33944 json | Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 befor... | 6.1 - MEDIUM | 2023-05-24 | 2023-06-01 |
| CVE-2023-33943 json | Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7... | 5.4 - MEDIUM | 2023-05-24 | 2023-05-31 |
| CVE-2023-33942 json | Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3... | 5.4 - MEDIUM | 2023-05-24 | 2023-06-01 |
| CVE-2023-33941 json | Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect cl... | 6.1 - MEDIUM | 2023-05-24 | 2023-05-31 |
| CVE-2023-33940 json | Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP... | 5.4 - MEDIUM | 2023-05-24 | 2023-05-31 |
Known software with vulnerabilities from Liferay
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Liferay | Digital Experience Platform | 7.1 |
| Application | Liferay | Dxp | 7.0 |
| Application | Liferay | Liferay Portal | 1.7.5 |