Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26596 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2022-05-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via web content template names. | |||||
| CVE-2022-26593 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2022-04-27 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of a asset category. | |||||
| CVE-2022-26595 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2022-04-27 | 4.0 MEDIUM | 4.3 MEDIUM |
| Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI. | |||||
| CVE-2020-15839 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2020-09-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files. | |||||