pkg:maven/com.liferay.portal/release.dxp.bom
Type
maven
Namespace
com.liferay.portal
Name
release.dxp.bom
Known advisories, vulnerabilities and fixes for com.liferay.portal/release.dxp.bom package.
Critical
12
Moderate
6
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | >= 7.2.0, < 7.2.10.fp5 |
CVE-2023-47798
|
 MAVEN:GHSA-2MX7-XVFG-FG53
|
Liferay Portal's account lockout does not invalidate existing user sessions | moderate |
2024-02-08T03:32:45
(7 months ago) |
|
| Fixed | = 7.2.10.fp5 |
CVE-2023-47798
|
MAVEN:GHSA-2MX7-XVFG-FG53
|
Liferay Portal's account lockout does not invalidate existing user sessions | moderate |
2024-02-08T03:32:45
(7 months ago) |
|
| Affected | >= 7.2.0, < 7.2.10.fp17 >= 7.3.10.ep3, < 7.3.10.u4 >= 7.4.13.u1, <= 7.4.13.u102 |
CVE-2024-25603
|
MAVEN:GHSA-44JG-JGJX-3XG5
|
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting | critical |
2024-02-21T03:30:38
(6 months ago) |
|
| Fixed | = 7.2.10.fp17 = 7.3.10.u4 |
CVE-2024-25603
|
MAVEN:GHSA-44JG-JGJX-3XG5
|
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting | critical |
2024-02-21T03:30:38
(6 months ago) |
|
| Affected | >= 7.4.13.u44, <= 7.4.13.u92 >= 2023.Q3, < 2023.Q3.6 |
CVE-2023-40191
|
MAVEN:GHSA-468X-FRCM-GHX6
|
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting | critical |
2024-02-21T03:30:37
(6 months ago) |
|
| Fixed | = 2023.Q3.6 |
CVE-2023-40191
|
MAVEN:GHSA-468X-FRCM-GHX6
|
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting | critical |
2024-02-21T03:30:37
(6 months ago) |
|
| Affected | >= 2023.Q3, < 2023.Q3.6 >= 7.3.10.ep3, < 7.3.10.u34 >= 7.4.10.ep1, <= 7.4.13.u92 |
CVE-2023-42496
|
MAVEN:GHSA-54PV-R62J-9QQC
|
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting | critical |
2024-02-21T03:30:37
(6 months ago) |
|
| Fixed | = 2023.Q3.6 = 7.3.10.u34 |
CVE-2023-42496
|
MAVEN:GHSA-54PV-R62J-9QQC
|
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting | critical |
2024-02-21T03:30:37
(6 months ago) |
|
| Affected | >= 7.4.13.u4, <= 7.4.13.u92 >= 2023.Q3, < 2023.Q3.5 |
CVE-2023-42498
|
MAVEN:GHSA-73X3-8MRG-5R93
|
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting | critical |
2024-02-21T03:30:37
(6 months ago) |
|
| Fixed | = 2023.Q3.5 |
CVE-2023-42498
|
MAVEN:GHSA-73X3-8MRG-5R93
|
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting | critical |
2024-02-21T03:30:37
(6 months ago) |
|
| Affected | < 7.2.10.fp17 >= 7.3.0, < 7.3.10.u4 >= 7.4.0, < 7.4.3.13u8 |
CVE-2024-25145
|
MAVEN:GHSA-9VGQ-W5PV-V77Q
|
Liferay Portal stored cross-site scripting (XSS) vulnerability | critical |
2024-02-07T15:30:50
(7 months ago) |
|
| Fixed | = 7.2.10.fp17 = 7.3.10.u4 = 7.4.3.13u8 |
CVE-2024-25145
|
MAVEN:GHSA-9VGQ-W5PV-V77Q
|
Liferay Portal stored cross-site scripting (XSS) vulnerability | critical |
2024-02-07T15:30:50
(7 months ago) |
|
| Affected | >= 7.2.1, <= 7.2.10.fp5 <= 7.1.10.fp17 |
CVE-2020-15839
|
MAVEN:GHSA-C7F6-4VX5-4263
|
Unrestricted Upload of File with Dangerous Type in Liferay Portal and Liferay DXP | moderate |
2022-02-10T20:46:21
(2 years ago) |
|
| Fixed | = 7.2.10.fp6 = 7.1.10.fp18 |
CVE-2020-15839
|
MAVEN:GHSA-C7F6-4VX5-4263
|
Unrestricted Upload of File with Dangerous Type in Liferay Portal and Liferay DXP | moderate |
2022-02-10T20:46:21
(2 years ago) |
|
| Affected | >= 7.2.0, < 7.2.10.fp17 >= 7.3.0, < 7.3.10.u4 |
CVE-2024-25601
|
MAVEN:GHSA-CR36-3VQF-X5W5
|
Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting | critical |
2024-02-21T03:30:37
(6 months ago) |
|
| Fixed | = 7.2.10.fp17 = 7.3.10.u4 |
CVE-2024-25601
|
MAVEN:GHSA-CR36-3VQF-X5W5
|
Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting | critical |
2024-02-21T03:30:37
(6 months ago) |
|
| Affected | >= 7.2.0, < 7.2.10.fp15 >= 7.3.0, < 7.3.10.u4 |
CVE-2024-25151
|
MAVEN:GHSA-HGR6-6HHW-883F
|
Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing | moderate |
2024-02-21T06:30:32
(6 months ago) |
|
| Fixed | = 7.2.10.fp15 = 7.3.10.u4 |
CVE-2024-25151
|
MAVEN:GHSA-HGR6-6HHW-883F
|
Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing | moderate |
2024-02-21T06:30:32
(6 months ago) |
|
| Affected | >= 7.2.0, < 7.2.10.fp18 >= 7.3.0, < 7.3.10.u4 |
CVE-2024-25146
|
MAVEN:GHSA-MQF8-4CQM-P83X
|
Liferay Portal allows attackers to discover the existence of sites | moderate |
2024-02-08T06:30:23
(7 months ago) |
|
| Fixed | = 7.2.10.fp18 = 7.3.10.u4 |
CVE-2024-25146
|
MAVEN:GHSA-MQF8-4CQM-P83X
|
Liferay Portal allows attackers to discover the existence of sites | moderate |
2024-02-08T06:30:23
(7 months ago) |
|
| Affected | >= 7.2.0, < 7.2.10.fp17 >= 7.3.0, < 7.3.10.u4 |
CVE-2024-25152
|
MAVEN:GHSA-P28X-4R5H-PH6J
|
Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting | critical |
2024-02-21T03:30:37
(6 months ago) |
|
| Fixed | = 7.2.10.fp17 = 7.3.10.u4 |
CVE-2024-25152
|
MAVEN:GHSA-P28X-4R5H-PH6J
|
Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting | critical |
2024-02-21T03:30:37
(6 months ago) |
|
| Affected | >= 7.4.13.u18, <= 7.4.13.u92 >= 2023.Q3, < 2023.Q3.6 |
CVE-2023-47795
|
MAVEN:GHSA-Q2CV-7J58-RFMJ
|
Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting | critical |
2024-02-21T15:30:45
(6 months ago) |
|
| Fixed | = 2023.Q3.6 |
CVE-2023-47795
|
MAVEN:GHSA-Q2CV-7J58-RFMJ
|
Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting | critical |
2024-02-21T15:30:45
(6 months ago) |
|
| Affected | >= 7.3.0, < 7.3.10.u4 >= 7.2.0, < 7.2.10.fp15 |
CVE-2024-25148
|
MAVEN:GHSA-QWJ8-QGPR-8CRM
|
Liferay Portal vulnerable to user impersonation | moderate |
2024-02-08T06:30:23
(7 months ago) |
|
| Fixed | = 7.3.10.u4 = 7.2.10.fp15 |
CVE-2024-25148
|
MAVEN:GHSA-QWJ8-QGPR-8CRM
|
Liferay Portal vulnerable to user impersonation | moderate |
2024-02-08T06:30:23
(7 months ago) |
|
| Affected | >= 7.2.0, < 7.2.10.fp20 >= 7.3.10.ep3, < 7.3.10.u11 >= 7.4.13.u1, < 7.4.13.u38 |
CVE-2024-26269
|
MAVEN:GHSA-RWHV-HVJ2-QRQM
|
Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting | critical |
2024-02-21T03:30:38
(6 months ago) |
|
| Fixed | = 7.2.10.fp20 = 7.3.10.u11 = 7.4.13.u38 |
CVE-2024-26269
|
MAVEN:GHSA-RWHV-HVJ2-QRQM
|
Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting | critical |
2024-02-21T03:30:38
(6 months ago) |
|
| Affected | >= 7.2.0, < 7.2.10.fp17 >= 7.3.10.ep3, < 7.3.10.u4 >= 7.4.13.u1, < 7.4.13.u10 |
CVE-2024-26266
|
MAVEN:GHSA-RWXC-4CMW-7X75
|
Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting | critical |
2024-02-21T03:30:38
(6 months ago) |
|
| Fixed | = 7.2.10.fp17 = 7.3.10.u4 = 7.4.13.u10 |
CVE-2024-26266
|
MAVEN:GHSA-RWXC-4CMW-7X75
|
Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting | critical |
2024-02-21T03:30:38
(6 months ago) |
|
| Affected | >= 7.2.0, < 7.2.10.fp17 >= 7.3.0, < 7.3.10.u4 |
CVE-2024-25602
|
MAVEN:GHSA-V2XQ-M22W-JMPR
|
Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting | critical |
2024-02-21T03:30:37
(6 months ago) |
|
| Fixed | = 7.2.10.fp17 = 7.3.10.u4 |
CVE-2024-25602
|
MAVEN:GHSA-V2XQ-M22W-JMPR
|
Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting | critical |
2024-02-21T03:30:37
(6 months ago) |
|
| Affected | >= 7.4.0, < 7.4.13.u27 >= 7.3.0, < 7.3.10.u6 >= 7.2.0, < 7.2.10.fp19 |
CVE-2024-25144
|
MAVEN:GHSA-W275-M8CR-HF2V
|
Liferay Portal denial-of-service vulnerability | moderate |
2024-02-08T06:30:23
(7 months ago) |
|
| Fixed | = 7.4.13.u27 = 7.3.10.u6 = 7.2.10.fp19 |
CVE-2024-25144
|
MAVEN:GHSA-W275-M8CR-HF2V
|
Liferay Portal denial-of-service vulnerability | moderate |
2024-02-08T06:30:23
(7 months ago) |
|
| Affected | >= 7.2.0, < 7.2.10.fp15 >= 7.3.0, < 7.3.10.u4 |
CVE-2024-25147
|
MAVEN:GHSA-XPJG-7HX7-WGCX
|
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting | critical |
2024-02-21T03:30:37
(6 months ago) |
|
| Fixed | = 7.2.10.fp15 = 7.3.10.u4 |
CVE-2024-25147
|
MAVEN:GHSA-XPJG-7HX7-WGCX
|
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting | critical |
2024-02-21T03:30:37
(6 months ago) |