Liferay Portal vulnerabilities
319 known vulnerabilities affecting liferay/liferay_portal.
Total CVEs
319
CISA KEV
1
actively exploited
Public exploits
11
Exploited in wild
1
Severity breakdown
CRITICAL5HIGH43MEDIUM260LOW11
Vulnerabilities
Page 15 of 16
CVE-2021-29052MEDIUMCVSS 4.3≥ 7.3.0, ≤ 7.3.52021-05-17
CVE-2021-29052 [MEDIUM] CWE-276 CVE-2021-29052: The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1
The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls.
nvd
CVE-2021-29044MEDIUMCVSS 6.1≥ 7.0.0, ≤ 7.3.52021-05-17
CVE-2021-29044 [MEDIUM] CWE-79 CVE-2021-29044: Cross-site scripting (XSS) vulnerability in the Site module's membership request administration page
Cross-site scripting (XSS) vulnerability in the Site module's membership request administration pages in Liferay Portal 7.0.0 through 7.3.5, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 21, 7.2 before fix pack 10 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_site_my_sites_
nvd
CVE-2021-29046MEDIUMCVSS 6.1v7.3.52021-05-17
CVE-2021-29046 [MEDIUM] CWE-79 CVE-2021-29046: Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Life
Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_asset_categories_admin_web_portlet_AssetCategoriesAdminPortlet_title parameter.
nvd
CVE-2021-29045MEDIUMCVSS 6.1≥ 7.3.2, ≤ 7.3.52021-05-17
CVE-2021-29045 [MEDIUM] CWE-79 CVE-2021-29045: Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in
Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_redirect_web_internal_portlet_RedirectPortlet_destinationURL parameter.
nvd
CVE-2021-29047HIGHCVSS 7.5v7.3.4v7.3.52021-05-16
CVE-2021-29047 [HIGH] CWE-287 CVE-2021-29047: The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack
The SimpleCaptcha implementation in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.3 before fix pack 1 does not invalidate CAPTCHA answers after it is used, which allows remote attackers to repeatedly perform actions protected by a CAPTCHA challenge by reusing the same CAPTCHA answer.
nvd
CVE-2021-29039MEDIUMCVSS 6.1v7.3.42021-05-16
CVE-2021-29039 [MEDIUM] CWE-79 CVE-2021-29039: Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Lif
Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name.
nvd
CVE-2021-29040MEDIUMCVSS 5.3≤ 7.3.42021-05-16
CVE-2021-29040 [MEDIUM] CWE-209 CVE-2021-29040: The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7
The JSON web services in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 97, 7.1 before fix pack 20 and 7.2 before fix pack 10 may provide overly verbose error messages, which allows remote attackers to use the contents of error messages to help launch another, more focused attacks via crafted inputs.
nvd
CVE-2020-25476MEDIUMCVSS 6.1v7.1.3v7.2.12021-01-07
CVE-2020-25476 [MEDIUM] CWE-79 CVE-2020-25476: Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting (XSS) vulner
Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting (XSS) vulnerability in the user name parameter to Calendar. An attacker can insert the malicious payload on the username, lastname or surname fields of its own profile, and the malicious payload will be injected and reflected in the calendar of the user who submit
nvd
CVE-2020-15840MEDIUMCVSS 5.3fixed in 7.3.1v6.22020-09-24
CVE-2020-15840 [MEDIUM] CVE-2020-15840: In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the
In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs.
nvd
CVE-2020-15839MEDIUMCVSS 6.5fixed in 7.3.32020-09-22
CVE-2020-15839 [MEDIUM] CWE-434 CVE-2020-15839: Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does
Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files.
nvd
CVE-2020-24554HIGHCVSS 7.5fixed in 7.3.32020-09-01
CVE-2020-24554 [HIGH] CWE-601 CVE-2020-24554: The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a
The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist.
nvd
CVE-2020-15842HIGHCVSS 8.1fixed in 7.3.02020-07-20
CVE-2020-15842 [HIGH] CWE-502 CVE-2020-15842: Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7.1 before fix pack 17, and 7.2 before fix pack 5, allows man-in-the-middle attackers to execute arbitrary code via crafted serialized payloads, because of insecure deserialization.
nvd
CVE-2020-15841HIGHCVSS 8.8fixed in 7.3.02020-07-20
CVE-2020-15841 [HIGH] CVE-2020-15841: Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server's password via the Test LDAP Connection feature.
nvd
CVE-2020-13445HIGHCVSS 8.8v7.1v7.1.1+2 more2020-06-10
CVE-2020-13445 [HIGH] CWE-74 CVE-2020-13445: In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7
In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which allows remote authenticated users to execute arbitrary code via crafted FreeMarker and Velocity templates.
nvd
CVE-2020-13444MEDIUMCVSS 6.5v7.1v7.1.1+2 more2020-06-10
CVE-2020-13444 [MEDIUM] CVE-2020-13444: Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and
Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 5 does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers.
nvd
CVE-2020-7961CRITICALCVSS 9.8KEVPoCfixed in 7.2.12020-03-20
CVE-2020-7961 [CRITICAL] CWE-502 CVE-2020-7961: Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).
nvd
CVE-2020-7934MEDIUMCVSS 5.4PoC≥ 7.1.0, ≤ 7.2.12020-01-28
CVE-2020-7934 [MEDIUM] CWE-79 CVE-2020-7934: In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for
In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search featur
nvd
CVE-2019-16891CRITICALCVSS 9.8≤ 6.0.6v6.1.0+20 more2019-10-04
CVE-2019-16891 [CRITICAL] CWE-502 CVE-2019-16891: Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload
Liferay Portal CE 6.2.5 allows remote command execution because of deserialization of a JSON payload.
nvd
CVE-2019-16147MEDIUMCVSS 6.1fixed in 7.2.0v7.2.02019-09-09
CVE-2019-16147 [MEDIUM] CWE-79 CVE-2019-16147: Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp
Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib.
nvd
CVE-2019-6588MEDIUMCVSS 4.7PoC≤ 6.0.6v6.1.0+16 more2019-06-03
CVE-2019-6588 [MEDIUM] CWE-79 CVE-2019-6588: In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custo
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call " /> or " />. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable.
nvd