Vulnerabilities > Liferay > Liferay Portal > 7.3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-15 | CVE-2022-42110 | Cross-site Scripting vulnerability in Liferay Portal A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML. | 6.1 |
| 2022-10-18 | CVE-2022-42112 | Cross-site Scripting vulnerability in Liferay DXP 7.2/7.3/7.4 A Cross-site scripting (XSS) vulnerability in the Portal Search module's Sort widget in Liferay Portal 7.2.0 through 7.4.3.24, and Liferay DXP 7.2 before fix pack 19, 7.3 before update 5, and DXP 7.4 before update 25 allows remote attackers to inject arbitrary web script or HTML via a crafted payload. | 5.4 |
| 2022-10-13 | CVE-2022-38902 | Cross-site Scripting vulnerability in Liferay DXP and Liferay Portal A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic. | 5.4 |
| 2022-10-07 | CVE-2022-41414 | Incorrect Default Permissions vulnerability in Liferay Portal An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages. | 5.3 |
| 2022-09-22 | CVE-2022-28980 | Cross-site Scripting vulnerability in Liferay Portal Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix. | 6.1 |
| 2022-09-22 | CVE-2022-28978 | Cross-site Scripting vulnerability in Liferay DXP 7.0/7.2 Stored cross-site scripting (XSS) vulnerability in the Site module's user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the a user's name. | 5.4 |
| 2022-09-22 | CVE-2022-28979 | Cross-site Scripting vulnerability in Liferay DXP and Liferay Portal Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. | 6.1 |
| 2022-04-25 | CVE-2022-26596 | Cross-site Scripting vulnerability in Liferay Digital Experience Platform 7.0/7.1/7.2 Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via web content template names. | 6.1 |
| 2022-04-25 | CVE-2022-26597 | Cross-site Scripting vulnerability in Liferay Digital Experience Platform 7.0/7.3 Cross-site scripting (XSS) vulnerability in the Layout module's Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site name. | 6.1 |
| 2022-03-03 | CVE-2021-38263 | Cross-site Scripting vulnerability in Liferay Portal Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 20 and 7.2 before fix pack 10 allows remote attackers to inject arbitrary web script or HTML via the output of a script. | 6.1 |