Search for packages
| purl | pkg:maven/com.liferay.portal/release.dxp.bom@7.2.10.fp13 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-duvg-hkyn-uqcs | Liferay Portal and Liferay DXP fails to check permissions to view sites/groups Liferay Portal 7.3.7, 7.4.0, and 7.4.1, and Liferay DXP 7.2 fix pack 13, and 7.3 fix pack 2 does not properly check user permission when accessing a list of sites/groups, which allows remote authenticated users to view sites/groups via the user's site membership assignment UI. |
CVE-2022-26595
GHSA-822f-jfpg-hg7h |
| VCID-e42x-p4br-vyfj | Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in the Gogo Shell module Cross-site scripting (XSS) vulnerability in the Gogo Shell module before 5.0.2 from Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the output of a Gogo Shell command. |
CVE-2021-38269
GHSA-vw6g-gh6c-8qwp |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-31T00:55:51.661389+00:00 | GHSA Importer | Fixing | VCID-duvg-hkyn-uqcs | https://github.com/advisories/GHSA-822f-jfpg-hg7h | 38.6.0 |
| 2026-05-31T00:55:25.848886+00:00 | GHSA Importer | Fixing | VCID-e42x-p4br-vyfj | https://github.com/advisories/GHSA-vw6g-gh6c-8qwp | 38.6.0 |
| 2026-05-30T20:57:40.375757+00:00 | GitLab Importer | Fixing | VCID-duvg-hkyn-uqcs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.liferay.portal/release.dxp.bom/CVE-2022-26595.yml | 38.6.0 |
| 2026-05-30T20:57:18.424137+00:00 | GitLab Importer | Fixing | VCID-e42x-p4br-vyfj | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.liferay.portal/release.dxp.bom/CVE-2021-38269.yml | 38.6.0 |