Vulnerabilities > Liferay > Liferay Portal > 7.4.0

DATE CVE VULNERABILITY TITLE RISK
2022-04-15 CVE-2022-26594 Cross-site Scripting vulnerability in Liferay Portal 7.3.5/7.3.6/7.4.0
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to (1) Forms module's form builder, or (2) App Builder module's object form view's form builder.
network
low complexity
liferay CWE-79
6.1
6.1
2022-03-03 CVE-2021-38264 Cross-site Scripting vulnerability in Liferay Portal 7.4.0/7.4.1
Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter.
network
low complexity
liferay CWE-79
6.1
6.1
2022-03-03 CVE-2021-38269 Cross-site Scripting vulnerability in Liferay Portal
Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the output of a Gogo Shell command.
network
low complexity
liferay CWE-79
5.4
5.4
2021-08-04 CVE-2021-35463 Cross-site Scripting vulnerability in Liferay Portal 7.4.0
Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter.
network
low complexity
liferay CWE-79
6.1
6.1