Product:

Liferay_portal

(Liferay)
Repositories https://github.com/liferay/liferay-portal
#Vulnerabilities 148
Date Id Summary Products Score Patch Annotated
2011-05-07 CVE-2011-1571 Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors. Liferay_portal N/A
2011-05-07 CVE-2011-1570 Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030. Liferay_portal N/A
2011-05-07 CVE-2011-1503 The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL. Liferay_portal N/A
2011-05-07 CVE-2011-1502 Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue. Liferay_portal N/A
2020-06-10 CVE-2020-13444 Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 5 does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers. Liferay_portal N/A
2019-09-09 CVE-2019-16147 Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib. Liferay_portal N/A
2019-06-03 CVE-2019-6588 In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha url="<%= url %>" /> or <liferay-captcha:captcha url="<%= url %>" />. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable. Liferay_portal 4.7
2017-12-27 CVE-2017-17868 In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag. Liferay_portal 6.1
2017-08-07 CVE-2017-12649 XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display. Liferay_portal 6.1
2017-08-07 CVE-2017-12648 XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL. Liferay_portal 6.1