Filtered by vendor Liferay
Subscriptions
Filtered by product Digital Experience Platform
Subscriptions
Total
123 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38265 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in the Asset module in Liferay Portal 7.3.4 through 7.3.6 allow remote attackers to inject arbitrary web script or HTML when creating a collection page via the _com_liferay_asset_list_web_portlet_AssetListPortlet_title parameter. | ||||
| CVE-2021-38263 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 20 and 7.2 before fix pack 10 allows remote attackers to inject arbitrary web script or HTML via the output of a script. | ||||
| CVE-2020-15839 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 6.5 Medium |
| Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files. | ||||