VYPR

Maven package

com.liferay/com.liferay.server.admin.web

pkg:maven/com.liferay/com.liferay.server.admin.web

Vulnerabilities (2)

  • CVE-2025-3594Jun 16, 2025
    affected >= 5.0.0, < 5.0.24fixed 5.0.24

    Path traversal vulnerability with the downloading and installation of Xuggler in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.4 GA, 7.3 GA through update 34, and older unsupported versions allows remote attackers to (1) add files to arbitrary locations on the server an

  • CVE-2021-38263Mar 2, 2022
    affected < 4.0.12fixed 4.0.12

    Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 20 and 7.2 before fix pack 10 allows remote attackers to inject arbitrary web script or HTML via the ou