Liferay Portal 漏洞列表
共找到 6 个与 Liferay Portal 相关的漏洞
📅 加载漏洞趋势中...
-
CVE-2020-7961: Liferay Portal RCE 反序列化命令执行漏洞 POC
Liferay Portal CE是一款用来快速构建网站的开源系统。其7.2.0 GA1及以前的版本API接口中存在一处反序列化漏洞,利用该漏洞可在目标服务器上执行任意命令。 FOFA: app="Liferay" -
CVE-2020-7961: Liferay Portal Unauthenticated < 7.2.1 CE GA2 - Remote Code Execution POC
Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS). -
CVE-2022-42118: Liferay Portal - Cross-site Scripting POC
A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the `tag` parameter. -
CVE-2025-4388: Liferay Portal - Cross-Site Scripting POC
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the modules/apps/marketplace/marketplace-app-manager-web. -
Liferay Portal存在未授权命令执行(CVE-2020-7961) 无POC
Liferay Portal是由美国Liferay公司开发的一个基于J2EE的门户解决方案。'LiferayPortal远程命令执行漏洞,攻击者利用该漏洞可在未授权的情况实现远程命令执行,获取目标服务器权限。 -
Liferay Portal 远程代码执行漏洞 无POC
Liferay Portal是由美国Liferay公司开发的一个基于J2EE的门户解决方案。'LiferayPortal远程命令执行漏洞,攻击者利用该漏洞可在未授权的情况实现远程命令执行,获取目标服务器权限。