com.liferay.portal:release.portal.bom vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2023-47795Criticalcom.liferay.portal:release.portal.bom: Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site ScriptingCVE-2024-25151Mediumcom.liferay.portal:release.portal.bom: Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofingCVE-2024-26269Criticalcom.liferay.portal:release.portal.bom: Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site ScriptingCVE-2024-25603Criticalcom.liferay.portal:release.portal.bom: Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site ScriptingCVE-2024-26266Criticalcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP vulnerable to stored Cross-site ScriptingCVE-2024-25601Criticalcom.liferay.portal:release.portal.bom: Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site ScriptingCVE-2024-25152Criticalcom.liferay.portal:release.portal.bom: Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site ScriptingCVE-2024-25147Criticalcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP vulnerable to Cross-site ScriptingCVE-2024-25602Criticalcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site ScriptingCVE-2023-42498Criticalcom.liferay.portal:release.portal.bom: Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site ScriptingCVE-2023-42496Criticalcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP vulnerable to reflected Cross-site ScriptingCVE-2023-40191Criticalcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP vulnerable to reflected Cross-site ScriptingCVE-2024-26270Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP vulnerable to theft of hashed passwordCVE-2024-26268Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP User Enumeration VulnerabilityCVE-2024-26267Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP HTTP Header Can Expose VersionsCVE-2024-26265Mediumcom.liferay.portal:release.portal.bom: Liferay Portal vulnerable to Denial of ServiceCVE-2024-25610Criticalcom.liferay.portal:release.portal.bom: Liferay Portal has a Stored XSS with Blog entries (Insecure defaults)CVE-2024-25609Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward SlashesCVE-2024-25607Highcom.liferay.portal:release.dxp.bom: Liferay Portal defaults to a low work factor for the default password hashing algorithmCVE-2024-25608Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement CharacterCVE-2024-25606Highcom.liferay.portal:com.liferay.util.java: Liferay Portal has an XXE vulnerability in Java2WsddTask._formatCVE-2024-25605Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Allows Templates to be Viewed via the UI or APICVE-2024-25604Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Allows Authenticated Users with View Permissions to Edit PermissionsCVE-2024-25150Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Information Disclosure Vulnerability in the Control PanelCVE-2024-25149Mediumcom.liferay.portal:release.portal.bom: Liferay Portal and Liferay DXP Does Not Properly Restrict Membership to Child Site Based on Parent Site Options

Stop the waste.
Protect your environment with Kodem.