CVE-2024-11993 | THREATINT

Description

Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field

PUBLISHED Reserved 2024-11-29 | Published 2024-12-17 | Updated 2025-03-28 | Assigner Liferay

MEDIUM: 4.6CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status

unaffected

7.4.0 (maven)

affected

Default status

unaffected

7.4.13 (maven)

affected

Credits

Liferay reporter

milCERT AT reporter

References

liferay.dev/...-/asset_publisher/jekt/content/CVE-2024-11993

cve.org (CVE-2024-11993)

nvd.nist.gov (CVE-2024-11993)

Download JSON