Vulnerabilities > Liferay > Liferay Portal > 7.4.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-07 | CVE-2022-41414 | Incorrect Default Permissions vulnerability in Liferay Portal An insecure default in the component auth.login.prompt.enabled of Liferay Portal v7.0.0 through v7.4.2 allows attackers to enumerate usernames, site names, and pages. | 5.3 |
| 2022-09-22 | CVE-2022-28980 | Cross-site Scripting vulnerability in Liferay Portal Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter_ prefix. | 6.1 |