CVE-2024-11993

Опубликовано: 17 дек. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field

Ссылки

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-11993
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*

Версия от 7.1.0 (включая) до 7.4.3.39 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*

Версия от 7.1 (включая) до 7.4 (исключая)

cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update10:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update11:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update12:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update13:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update14:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update15:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update16:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update17:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update18:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update19:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update2:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update20:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update22:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update23:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update24:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update25:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update26:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update27:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update28:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update29:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update3:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update30:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update31:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update32:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update33:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update35:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update37:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update38:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update4:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update5:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update6:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update7:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update8:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update9:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.0008

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-4hxr-28mv-q729