Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilitie Known Vulnerabilities Ldap Injection Malware Missing Update Privilege Escalation Remote Code Execution SSRF SSTI Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33942) CVE-2023-33942 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33943) CVE-2023-33943 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33944) CVE-2023-33944 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-42497) CVE-2023-42497 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-42627) CVE-2023-42627 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-42628) CVE-2023-42628 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-42629) CVE-2023-42629 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-44309) CVE-2023-44309 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-44310) CVE-2023-44310 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-44311) CVE-2023-44311 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-47797) CVE-2023-47797 CWE-707 CWE-707 Medium Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-25145) CVE-2024-25145 CWE-707 CWE-707 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-29052) CVE-2021-29052 CWE-276 CWE-276 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33324) CVE-2021-33324 CWE-276 CWE-276 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33327) CVE-2021-33327 CWE-276 CWE-276 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33333) CVE-2021-33333 CWE-276 CWE-276 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33334) CVE-2021-33334 CWE-276 CWE-276 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-38268) CVE-2021-38268 CWE-276 CWE-276 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-26595) CVE-2022-26595 CWE-276 CWE-276 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-41414) CVE-2022-41414 CWE-276 CWE-276 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-42127) CVE-2022-42127 CWE-276 CWE-276 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-42128) CVE-2022-42128 CWE-276 CWE-276 Medium Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-42130) CVE-2022-42130 CWE-276 CWE-276 Medium Liferay Portal Insufficiently Protected Credentials Vulnerability (CVE-2021-29043) CVE-2021-29043 CWE-522 CWE-522 Medium Liferay Portal Missing Authorization Vulnerability (CVE-2022-38512) CVE-2022-38512 CWE-862 CWE-862 Medium Liferay Portal Missing Authorization Vulnerability (CVE-2022-39975) CVE-2022-39975 CWE-862 CWE-862 Medium Liferay Portal Missing Authorization Vulnerability (CVE-2023-3426) CVE-2023-3426 CWE-862 CWE-862 Medium Liferay Portal Observable Discrepancy Vulnerability (CVE-2024-25146) CVE-2024-25146 CWE-203 CWE-203 Medium Liferay Portal Origin Validation Error Vulnerability (CVE-2022-25146) CVE-2022-25146 CWE-346 CWE-346 Medium Liferay Portal Other Vulnerability (CVE-2023-33946) CVE-2023-33946 Medium Liferay Portal Other Vulnerability (CVE-2023-33947) CVE-2023-33947 Medium Liferay Portal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-15839) CVE-2020-15839 CWE-434 CWE-434 Medium Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-33331) CVE-2021-33331 CWE-601 CWE-601 Medium Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28977) CVE-2022-28977 CWE-601 CWE-601 Medium Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-35029) CVE-2023-35029 CWE-601 CWE-601 Medium Liferay version older than 7.1 CWE-918 CWE-918 Medium Liferay XMLRPC Blind SSRF CWE-918 CWE-918 Medium lightbox2 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9441) CVE-2014-9441 CWE-352 CWE-352 Medium Lighttpd Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-1111) CVE-2008-1111 CWE-200 CWE-200 Medium Lighttpd Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-1270) CVE-2008-1270 CWE-200 CWE-200 Medium Lighttpd Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-2324) CVE-2014-2324 CWE-22 CWE-22 Medium Lighttpd Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-4727) CVE-2007-4727 CWE-119 CWE-119 Medium Lighttpd Other Vulnerability (CVE-2005-0453) CVE-2005-0453 Medium Lighttpd Other Vulnerability (CVE-2006-0814) CVE-2006-0814 Medium Lighttpd Other Vulnerability (CVE-2007-1869) CVE-2007-1869 Medium Lighttpd Other Vulnerability (CVE-2007-3946) CVE-2007-3946 Medium Lighttpd Other Vulnerability (CVE-2007-3947) CVE-2007-3947 Medium Lighttpd Other Vulnerability (CVE-2007-3948) CVE-2007-3948 Medium Lighttpd Other Vulnerability (CVE-2007-3950) CVE-2007-3950 Medium Lighttpd Other Vulnerability (CVE-2008-1531) CVE-2008-1531 Medium Lighttpd Other Vulnerability (CVE-2011-4362) CVE-2011-4362 Medium Lighttpd Out-of-bounds Write Vulnerability (CVE-2022-22707) CVE-2022-22707 CWE-787 CWE-787 Medium Lighttpd Resource Management Errors Vulnerability (CVE-2008-0983) CVE-2008-0983 Medium Lighttpd Resource Management Errors Vulnerability (CVE-2008-4298) CVE-2008-4298 Medium Lighttpd Resource Management Errors Vulnerability (CVE-2010-0295) CVE-2010-0295 Medium Lighttpd Resource Management Errors Vulnerability (CVE-2012-5533) CVE-2012-5533 Medium Lighttpd Use After Free Vulnerability (CVE-2013-4560) CVE-2013-4560 CWE-416 CWE-416 Medium LimeSurvey CVE-2019-16176 Vulnerability (CVE-2019-16176) CVE-2019-16176 Medium LimeSurvey CVE-2019-16180 Vulnerability (CVE-2019-16180) CVE-2019-16180 Medium LimeSurvey Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3752) CVE-2011-3752 CWE-200 CWE-200 Medium LimeSurvey Improper Certificate Validation Vulnerability (CVE-2019-16179) CVE-2019-16179 CWE-295 CWE-295 Medium LimeSurvey Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5573) CVE-2007-5573 CWE-94 CWE-94 Medium LimeSurvey Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-11455) CVE-2020-11455 CWE-22 CWE-22 Medium LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-2571) CVE-2008-2571 CWE-707 CWE-707 Medium LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4995) CVE-2012-4995 CWE-707 CWE-707 Medium LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5016) CVE-2014-5016 CWE-707 CWE-707 Medium LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18358) CVE-2017-18358 CWE-707 CWE-707 Medium LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17003) CVE-2018-17003 CWE-707 CWE-707 Medium LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20322) CVE-2018-20322 CWE-707 CWE-707 Medium LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16172) CVE-2019-16172 CWE-707 CWE-707 Medium LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16173) CVE-2019-16173 CWE-707 CWE-707 Medium LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16178) CVE-2019-16178 CWE-707 CWE-707 Medium LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16182) CVE-2019-16182 CWE-707 CWE-707 Medium LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17660) CVE-2019-17660 CWE-707 CWE-707 Medium LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11456) CVE-2020-11456 CWE-707 CWE-707 Medium 1...31323334...99 32 / 99
