Vulnerabilities > Liferay > Liferay Portal > 6.2.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-02 | CVE-2017-1000425 | Cross-site Scripting vulnerability in Liferay Portal Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter. | 4.3 |
| 2017-08-07 | CVE-2017-12649 | Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2 XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display. | 4.3 |
| 2017-08-07 | CVE-2017-12648 | Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2 XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL. | 4.3 |
| 2017-08-07 | CVE-2017-12647 | Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2 XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title. | 4.3 |
| 2017-08-07 | CVE-2017-12646 | Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2 XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address. | 4.3 |
| 2017-08-07 | CVE-2017-12645 | Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2 XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId. | 4.3 |
| 2017-08-07 | CVE-2016-10404 | Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2 XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp. | 4.3 |
| 2017-01-13 | CVE-2010-5327 | Permissions, Privileges, and Access Controls vulnerability in Liferay Portal Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template. | 6.5 |