com.liferay.portal:release.dxp.bom vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2022-28978Mediumcom.liferay:com.liferay.site.memberships.web: Liferay Portal and Liferay DXP Vulnerable to XSS in the Site ModuleCVE-2022-28977Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP HtmlUtil.escapeRedirect Can Be CircumventedCVE-2022-28979Mediumcom.liferay:com.liferay.portal.search.web: Liferay Portal and Liferay DXP Vulnerable to XSS in the Portal Search ModuleCVE-2021-33322Highcom.liferay.portal:com.liferay.portal.impl: Liferay Portal and Liferay DXP fails to invalidate password reset tokens after useCVE-2021-29049Mediumcom.liferay.portal:release.dxp.bom: Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the currentURL ParameterCVE-2021-33335Highcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Has Company Administrator Accounts Vulnerable to TakeoversCVE-2021-33336Mediumcom.liferay.portal:release.portal.bom: Liferay Portal Journal Module and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)CVE-2021-33339Mediumcom.liferay.portal:release.portal.bom: Liferay Portal Fragment Module and Liferay DXP Vulnerable to Cross-Site ScriptingCVE-2021-33338Highcom.liferay.portal:release.portal.bom: Liferay Portal Layout Module and Liferay DXP Exposes the Cross-Site Request Forgery (CSRF) Token in URLsCVE-2021-33337Mediumcom.liferay:com.liferay.document.library.web: Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Document Library moduleCVE-2021-33327Mediumcom.liferay:com.liferay.portlet.configuration.web: Liferay Portal and Liferay DXP does not properly check user permissionCVE-2021-33325Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Stores User Passwords in CleartextCVE-2021-33326Mediumcom.liferay:com.liferay.frontend.js.aui.web: Liferay Portal and Liferay DXP Cross-site scripting (XSS) vulnerability in the Frontend JS moduleCVE-2021-33320Mediumcom.liferay:com.liferay.flags.taglib: Liferay Portal and Liferay DXP vulnerable to email spam via lack of flagging rateCVE-2021-33328Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Edit Vocabulary PageCVE-2021-33324Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Don't Check Permissions of PagesCVE-2021-33323Highcom.liferay:com.liferay.dynamic.data.mapping.form.web: Liferay Portal and Liferay DXP autosaves form data for other users to seeCVE-2021-33331Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Allows Arbitrary Redirect of Users to External URLsCVE-2021-33332Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS)CVE-2021-33334Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Fails to Properly Check User PermissionsCVE-2021-33333Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Fails to Check User Permissions for Workflow SubmissionsCVE-2021-29053Highcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Vulnerable to Multiple SQL InjectionsCVE-2021-29043Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP May Reveal S3 Store's Proxy PasswordCVE-2021-29044Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Membership Request Admin PageCVE-2021-29046Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via Asset Module Parameter

Stop the waste.
Protect your environment with Kodem.