liferay/liferay-portal

liferay/liferay-portal

Releases166

Frequency2 weeks 3 days

Last Release 3 months ago

Stars2.25K

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-16147 ↗	Sep 9, 2019Monday, 9 September 2019, 21:15	6.1 MEDIUM	4.3 MEDIUM
Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib.
CVE-2017-1000425 ↗	Jan 2, 2018Tuesday, 2 January 2018, 23:29	—	4.3 MEDIUM
Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter.
CVE-2016-10404 ↗	Aug 7, 2017Monday, 7 August 2017, 16:29	—	4.3 MEDIUM
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.
CVE-2010-5327 ↗	Jan 13, 2017Friday, 13 January 2017, 19:59	—	6.5 MEDIUM
Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template.