Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Liferay_portal
(Liferay)| Repositories | https://github.com/liferay/liferay-portal |
| #Vulnerabilities | 148 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2011-05-07 | CVE-2011-1503 | The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL. | Liferay_portal | N/A | ||
| 2011-05-07 | CVE-2011-1502 | Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue. | Liferay_portal | N/A | ||
| 2020-06-10 | CVE-2020-13444 | Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 5 does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers. | Liferay_portal | N/A | ||
| 2019-09-09 | CVE-2019-16147 | Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib. | Liferay_portal | N/A | ||
| 2019-06-03 | CVE-2019-6588 | In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha url="<%= url %>" /> or <liferay-captcha:captcha url="<%= url %>" />. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable. | Liferay_portal | 4.7 | ||
| 2017-12-27 | CVE-2017-17868 | In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag. | Liferay_portal | 6.1 | ||
| 2017-08-07 | CVE-2017-12649 | XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display. | Liferay_portal | 6.1 | ||
| 2017-08-07 | CVE-2017-12648 | XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL. | Liferay_portal | 6.1 | ||
| 2017-08-07 | CVE-2017-12647 | XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title. | Liferay_portal | 6.1 | ||
| 2017-08-07 | CVE-2017-12646 | XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address. | Liferay_portal | 6.1 |