Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

CRM

Liferay DXP

Digital Experience Platform (DXP) is an emerging category of enterprise software seeking to meet the needs of companies undergoing digital transformation with the ultimate goal of providing better customer experiences. DXPs can be a single product but are often a suite of products that work together. DXPs provide an architecture for companies to digitize business operations deliver connected customer experiences and gather actionable customer insight.

Official Site:

https://www.liferay.com/en-AU/products/dxp

Severity Summary:

Critical: 1 High: 22 Medium: 97
Reference
Title
Severity
CVE-2022-42120
Liferay DXP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2021-33338
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2024-26272
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2024-26271
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2024-26273
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2021-33321
Liferay DXP Weak Password Recovery Mechanism for Forgotten Password Vulnerability
High
CVE-2021-33322
Liferay DXP Insufficient Session Expiration Vulnerability
High
CVE-2021-33323
Liferay DXP Cleartext Storage of Sensitive Information Vulnerability
High
CVE-2024-25606
Liferay DXP Improper Restriction of XML External Entity Reference Vulnerability
High
CVE-2022-42121
Liferay DXP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2024-25607
Liferay DXP Use of Password Hash With Insufficient Computational Effort Vulnerability
High
CVE-2021-33335
Liferay DXP Incorrect Authorization Vulnerability
High
CVE-2021-38266
Liferay DXP Vulnerability
High
CVE-2022-42123
Liferay DXP Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2024-38002
Liferay DXP Incorrect Authorization Vulnerability
High
CVE-2024-25148
Liferay DXP Vulnerability
High
CVE-2020-15841
Liferay DXP Insufficiently Protected Credentials Vulnerability
High
CVE-2021-29047
Liferay DXP Improper Authentication Vulnerability
High
CVE-2020-15842
Liferay DXP Deserialization of Untrusted Data Vulnerability
High
CVE-2022-42124
Liferay DXP Inefficient Regular Expression Complexity Vulnerability
High
CVE-2023-33945
Liferay DXP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2021-29053
Liferay DXP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2023-33949
Liferay DXP Insecure Default Initialization of Resource Vulnerability
High
CVE-2023-47798
Liferay DXP Session Fixation Vulnerability
Medium
CVE-2024-25604
Liferay DXP Incorrect Authorization Vulnerability
Medium
CVE-2023-42629
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2024-8980
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2024-25149
Liferay DXP Incorrect Authorization Vulnerability
Medium
CVE-2024-25150
Liferay DXP Other Vulnerability
Medium
CVE-2024-25143
Liferay DXP Allocation of Resources Without Limits or Throttling Vulnerability
Medium