CVE-2024-11993
UNKNOWN
Published 2024-12-17T20:24:42.600Z
No CVSS data available
Description
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via the Dispatch name field.
Available Exploits
No exploits available for this CVE.
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
✓ GitHub Reviewed
MODERATE
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
GHSA-4hxr-28mv-q729
Advisory Details
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.1.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38, 7.3 GA through update 36, 7.2 GA through fix pack 20 and 7.1 GA through fix pack 28 allows remote attackers to execute arbitrary web script or HTML via the Dispatch name field.
Affected Packages
Ecosystem: Maven; Package: com.liferay.portal:release.portal.bom; Affected versions: ≥7.1.0, <7.4.3.39
Ecosystem: Maven; Package: com.liferay.portal:release.dxp.bom; Affected versions: ≥7.1, <7.4.13.u39
CVSS Scoring
CVSS Score: 5.0
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References
Advisory provided by GitHub Security Advisory Database. Published: December 17, 2024, Modified: January 28, 2025
Published: 2024-12-17T20:24:42.600Z
Last Modified: 2025-03-28T20:04:56.591Z