Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

CRM

Liferay DXP

Digital Experience Platform (DXP) is an emerging category of enterprise software seeking to meet the needs of companies undergoing digital transformation with the ultimate goal of providing better customer experiences. DXPs can be a single product but are often a suite of products that work together. DXPs provide an architecture for companies to digitize business operations deliver connected customer experiences and gather actionable customer insight.

Official Site:

https://www.liferay.com/en-AU/products/dxp

Severity Summary:

Critical: 1 High: 22 Medium: 103
Reference
Title
Severity
CVE-2022-42120
Liferay DXP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Critical
CVE-2023-33949
Liferay DXP Insecure Default Initialization of Resource Vulnerability
High
CVE-2022-42123
Liferay DXP Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
High
CVE-2021-33322
Liferay DXP Insufficient Session Expiration Vulnerability
High
CVE-2021-33321
Liferay DXP Weak Password Recovery Mechanism for Forgotten Password Vulnerability
High
CVE-2022-42121
Liferay DXP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2021-33335
Liferay DXP Incorrect Authorization Vulnerability
High
CVE-2023-33945
Liferay DXP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2022-42124
Liferay DXP Inefficient Regular Expression Complexity Vulnerability
High
CVE-2024-25606
Liferay DXP Improper Restriction of XML External Entity Reference Vulnerability
High
CVE-2021-33338
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2024-38002
Liferay DXP Incorrect Authorization Vulnerability
High
CVE-2024-26272
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2024-26271
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2021-29047
Liferay DXP Improper Authentication Vulnerability
High
CVE-2020-15842
Liferay DXP Deserialization of Untrusted Data Vulnerability
High
CVE-2024-26273
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability
High
CVE-2021-38266
Liferay DXP Vulnerability
High
CVE-2021-29053
Liferay DXP Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2024-25148
Liferay DXP Vulnerability
High
CVE-2024-25607
Liferay DXP Use of Password Hash With Insufficient Computational Effort Vulnerability
High
CVE-2020-15841
Liferay DXP Insufficiently Protected Credentials Vulnerability
High
CVE-2021-33323
Liferay DXP Cleartext Storage of Sensitive Information Vulnerability
High
CVE-2024-26270
Liferay DXP Other Vulnerability
Medium
CVE-2024-25601
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-37940
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-15840
Liferay DXP Vulnerability
Medium
CVE-2024-25602
Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-5190
Liferay DXP URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Medium
CVE-2023-44308
Liferay DXP URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Medium