com.liferay.portal:release.dxp.bom vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2024-25602Criticalcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site ScriptingCVE-2023-42498Criticalcom.liferay.portal:release.portal.bom: Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site ScriptingCVE-2023-42496Criticalcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP vulnerable to reflected Cross-site ScriptingCVE-2023-40191Criticalcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP vulnerable to reflected Cross-site ScriptingCVE-2021-29050Highcom.liferay.portal:com.liferay.portal.impl: Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery in Terms of Use PageCVE-2021-29038Mediumcom.liferay.portal:portal-impl: Liferay Portal and Liferay DXP Does Not Obfuscate Password Reminder AnswersCVE-2024-26270Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP vulnerable to theft of hashed passwordCVE-2024-26268Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP User Enumeration VulnerabilityCVE-2024-26267Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP HTTP Header Can Expose VersionsCVE-2024-25610Criticalcom.liferay.portal:release.portal.bom: Liferay Portal has a Stored XSS with Blog entries (Insecure defaults)CVE-2024-25609Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward SlashesCVE-2024-25607Highcom.liferay.portal:release.dxp.bom: Liferay Portal defaults to a low work factor for the default password hashing algorithmCVE-2024-25608Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement CharacterCVE-2024-25606Highcom.liferay.portal:com.liferay.util.java: Liferay Portal has an XXE vulnerability in Java2WsddTask._formatCVE-2024-25605Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Allows Templates to be Viewed via the UI or APICVE-2024-25604Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Allows Authenticated Users with View Permissions to Edit PermissionsCVE-2024-25150Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control PanelCVE-2024-25149Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Does Not Properly Restrict Membership to Child Site Based on Parent Site OptionsCVE-2023-5190Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region PageCVE-2024-25148Highcom.liferay.portal:release.portal.bom: Liferay Portal vulnerable to user impersonationCVE-2024-25146Mediumcom.liferay.portal:release.portal.bom: Liferay Portal allows attackers to discover the existence of sitesCVE-2024-25144Mediumcom.liferay.portal:release.portal.bom: Liferay Portal denial-of-service vulnerabilityCVE-2023-47798Mediumcom.liferay.portal:release.portal.bom: Liferay Portal's account lockout does not invalidate existing user sessionsCVE-2024-25145Criticalcom.liferay.portal:release.portal.bom: Liferay Portal stored cross-site scripting (XSS) vulnerabilityCVE-2023-42627Criticalcom.liferay.commerce:com.liferay.commerce.address.content.web: Liferay Portal and Liferay DXP Vulnerable to XSS in the Commerce Module

Stop the waste.
Protect your environment with Kodem.