Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

CMS

Liferay Portal

Liferay Portal is the worlds leading enterprise open source portal framework offering integrated Web publishing and content management an enterprise service bus and service-oriented architecture and compatibility with all major IT infrastructure.

Official Site:

https://www.liferay.com/downloads-community

Severity Summary:

Critical: 3 High: 35 Medium: 136 Low: 2
Reference
Title
Severity
CVE-2022-42120
Liferay Portal Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2022-42122
Liferay Portal Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2020-7961
Liferay Portal Deserialization of Untrusted Data Vulnerability
Critical
CVE-2020-15841
Liferay Portal Vulnerability
High
CVE-2022-42123
Liferay Portal Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2023-33948
Liferay Portal Missing Authorization Vulnerability
High
CVE-2023-33950
Liferay Portal Inefficient Regular Expression Complexity Vulnerability
High
CVE-2023-33949
Liferay Portal Insecure Default Initialization of Resource Vulnerability
High
CVE-2023-33945
Liferay Portal Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2023-35030
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2022-42124
Liferay Portal Inefficient Regular Expression Complexity Vulnerability
High
CVE-2021-33335
Liferay Portal Incorrect Authorization Vulnerability
High
CVE-2021-33321
Liferay Portal Weak Password Recovery Mechanism for Forgotten Password Vulnerability
High
CVE-2021-33322
Liferay Portal Insufficient Session Expiration Vulnerability
High
CVE-2021-33323
Liferay Portal Cleartext Storage of Sensitive Information Vulnerability
High
CVE-2021-33338
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2019-16891
Liferay Portal Deserialization of Untrusted Data Vulnerability
High
CVE-2022-42121
Liferay Portal Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2020-13445
Liferay Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
High
CVE-2020-28884
Liferay Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability
High
CVE-2020-28885
Liferay Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability
High
CVE-2020-15842
Liferay Portal Deserialization of Untrusted Data Vulnerability
High
CVE-2024-25148
Liferay Portal Vulnerability
High
CVE-2024-26273
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2024-26271
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2024-38002
Liferay Portal Incorrect Authorization Vulnerability
High
CVE-2024-26272
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2024-25607
Liferay Portal Use of Password Hash With Insufficient Computational Effort Vulnerability
High
CVE-2024-25606
Liferay Portal Improper Restriction of XML External Entity Reference Vulnerability
High
CVE-2022-42125
Liferay Portal Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High