Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

CMS

Liferay Portal

Liferay Portal is the worlds leading enterprise open source portal framework offering integrated Web publishing and content management an enterprise service bus and service-oriented architecture and compatibility with all major IT infrastructure.

Official Site:

https://www.liferay.com/downloads-community

Severity Summary:

Critical: 6 High: 46 Medium: 231 Low: 2
Reference
Title
Severity
CVE-2021-33322
Liferay Portal Insufficient Session Expiration Vulnerability
High
CVE-2020-15841
Liferay Portal Vulnerability
High
CVE-2021-33338
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2024-26273
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2024-26271
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2024-38002
Liferay Portal Incorrect Authorization Vulnerability
High
CVE-2021-33323
Liferay Portal Cleartext Storage of Sensitive Information Vulnerability
High
CVE-2022-42123
Liferay Portal Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2023-33948
Liferay Portal Missing Authorization Vulnerability
High
CVE-2020-28885
Liferay Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability
High
CVE-2025-43796
Liferay Portal Uncontrolled Resource Consumption Vulnerability
High
CVE-2022-28981
Liferay Portal Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2022-42121
Liferay Portal Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2025-43790
Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability
High
CVE-2021-38266
Liferay Portal Vulnerability
High
CVE-2021-29053
Liferay Portal Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2025-43793
Liferay Portal Improper Validation of Specified Quantity in Input Vulnerability
High
CVE-2021-29047
Liferay Portal Improper Authentication Vulnerability
High
CVE-2018-10795
Liferay Portal Unrestricted Upload of File with Dangerous Type Vulnerability
High
CVE-2025-43816
Liferay Portal Missing Release of Memory after Effective Lifetime Vulnerability
High
CVE-2025-62260
Liferay Portal Uncontrolled Resource Consumption Vulnerability
High
CVE-2010-5327
Liferay Portal Permissions Privileges and Access Controls Vulnerability
High
CVE-2025-62245
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2025-62240
Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-62255
Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-62253
Liferay Portal URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Medium
CVE-2025-62239
Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-28982
Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-38902
Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2022-28978
Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium