VYPR

Maven package

com.liferay.portal/com.liferay.util.java

pkg:maven/com.liferay.portal/com.liferay.util.java

Vulnerabilities (2)

  • CVE-2024-25606Feb 20, 2024
    affected < 14.0.0fixed 14.0.0

    XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission to deploy widgets/portlets/extensions to o

  • CVE-2022-28977Sep 22, 2022
    affected < 7.9.0fixed 7.9.0

    HtmlUtil.escapeRedirect in Liferay Portal 7.3.1 through 7.4.2, and Liferay DXP 7.0 fix pack 91 through 101, 7.1 fix pack 17 through 25, 7.2 fix pack 5 through 14, and 7.3 before service pack 3 can be circumvented by using multiple forward slashes, which allows remote attackers to