CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12648
https://notcve.org/view.php?id=CVE-2017-12648
07 Aug 2017 — XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Liferay Portal en versiones anteriores a la 7.0 CE GA4 mediante una marcador URL. • https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12649
https://notcve.org/view.php?id=CVE-2017-12649
07 Aug 2017 — XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display. Existe una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Liferay Portal en versiones anteriores a la 7.0 CE GA4 mediante un resumen o título manipulado que no se administra correctamente en el Web Content Display. • https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2010-5327
https://notcve.org/view.php?id=CVE-2010-5327
13 Jan 2017 — Liferay Portal through 6.2.10 allows remote authenticated users to execute arbitrary shell commands via a crafted Velocity template. Liferay Portal hasta la versión 6.2.10 permite a usuarios remotos autenticados ejecutar comandos shell arbitrarios a través de una plantilla Velocity manipulada. • https://dev.liferay.com/web/community-security-team/known-vulnerabilities • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 10%CPEs: 1EXPL: 5CVE-2016-3670 – Liferay CE < 6.2 CE GA6 - Persistent Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2016-3670
01 Jun 2016 — Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay before 7.0.0 CE RC1 allows remote attackers to inject arbitrary web script or HTML via the FirstName field. Vulnerabilidad de XSS en users.jsp en la funcionalidad Profile Search functionality en Liferay en versiones anteriores a 7.0.0 CE RC1 permite a atacantes remotos inyectar comandos web o HTML arbitrarios a través del campo FirstName. Liferay CE versions prior to 6.2 CE GA6 suffer from a persistent cross... • https://packetstorm.news/files/id/137279 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-8349 – Liferay Portal 6.2 EE SP8 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-8349
21 Nov 2014 — Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parameter in the comment field in an uploaded file. Vulnerabilidad de XSS en Liferay Portal Enterprise Edition (EE) 6.2 SP8 y anteriores permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro _20_body en el campo de comentario en un fichero subido. Liferay... • http://packetstormsecurity.com/files/129199/Liferay-Portal-6.2-EE-SP8-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2014-2963
https://notcve.org/view.php?id=CVE-2014-2963
10 Jul 2014 — Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter. Múltiples vulnerabilidades de XSS en group/control_panel/manage en Liferay Portal 6.1.2 CE GA3, 6.1.X EE y 6.2.X EE permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) _2_firstNam... • http://www.kb.cert.org/vuls/id/100972 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-1502
https://notcve.org/view.php?id=CVE-2011-1502
07 May 2011 — Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to read arbitrary files via an entity declaration in conjunction with an entity reference, related to an XML External Entity (aka XXE) issue. Liferay Portal Community Edition (CE) v6.x anterior a v6.0.6 GA, cuando Apache Tomcat es utilizado, permite a usuarios remotos autenticados leer archivos arbitrarios a través de una declaración de entidad junto con una referencia de entidad, relacio... • http://issues.liferay.com/browse/LPS-14927 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2011-1503
https://notcve.org/view.php?id=CVE-2011-1503
07 May 2011 — The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:/// URL. XSL Content portlet en Liferay Portal Community Edition (CE) v5.x y v6.x anterior a 6.0.6 GA, cuando Apache Tomcat o Oracle GlassFish es usado, permite a usuarios remotos autenticados leer ficheros (1) XSL y (2) XML mediante la URL file:/// • http://issues.liferay.com/browse/LPS-13762 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2011-1570
https://notcve.org/view.php?id=CVE-2011-1570
07 May 2011 — Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Liferay Portal Community Edition (CE) v6.x anterior a v6.0.6 GA, cuando Apache Tomcat es utilizado, permite a atacantes remotos autenticados inyectar secuencia... • http://issues.liferay.com/browse/LPS-12628 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 6%CPEs: 2EXPL: 2CVE-2011-1571 – Liferay XSL - Command Execution
https://notcve.org/view.php?id=CVE-2011-1571
07 May 2011 — Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors. Vulnerabilidad no especificada en XSL Content portlet en Liferay Portal Community Edition (CE) v5.x y v6.x anterior a v6.0.6 GA, cuando Apache Tomcat es utilizado, permite a atacantes remotos ejecutar comandos arbitrarios a través de vectores desconocidos. • https://www.exploit-db.com/exploits/18715 •