Vulnerabilities > Liferay > Liferay Portal > 6.2.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-07 | CVE-2017-12648 | Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0 XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL. | 6.1 |
| 2017-08-07 | CVE-2017-12647 | Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0 XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title. | 6.1 |
| 2017-08-07 | CVE-2017-12646 | Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0 XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address. | 6.1 |
| 2017-08-07 | CVE-2017-12645 | Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0 XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId. | 6.1 |
| 2017-08-07 | CVE-2016-10404 | Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0 XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp. | 6.1 |
| 2017-01-13 | CVE-2010-5327 | Permissions, Privileges, and Access Controls vulnerability in Liferay Portal Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template. | 8.8 |