Vulnerabilities > Liferay

DATE	CVE	VULNERABILITY TITLE	RISK
2017-08-07	CVE-2017-12645	Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0 XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId. network low complexity liferay CWE-79	6.1
2017-08-07	CVE-2016-10404	Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0 XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp. network low complexity liferay CWE-79	6.1
2017-01-23	CVE-2016-6517	Path Traversal vulnerability in Liferay 5.1.0 Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp. network low complexity liferay CWE-22 critical	9.8
2017-01-13	CVE-2010-5327	Permissions, Privileges, and Access Controls vulnerability in Liferay Portal Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template. network low complexity liferay CWE-264	8.8
2016-06-13	CVE-2016-3670	Cross-site Scripting vulnerability in Liferay Portal Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay before 7.0.0 CE RC1 allows remote attackers to inject arbitrary web script or HTML via the FirstName field. network low complexity liferay CWE-79	6.1

Vulnerabilities > Liferay {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Liferay"}]}