VYPR

Liferay

by Liferay

Source repositories

CVEs (3)

  • CVE-2016-6517CriJan 23, 2017
    risk 0.64cvss 9.8epss 0.02

    Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp.

  • CVE-2018-10795HigMay 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or html/js/editor/fckeditor/editor/filemana…

  • CVE-2004-2030May 22, 2004
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the message subject.