CVE-2024-26269

Опубликовано: 21 фев. 2024

Источник: nvd

CVSS3: 9.6

CVSS3: 6.1

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via the anchor (hash) part of a URL.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*

Версия от 7.2.0 (включая) до 7.4.3.38 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*

Версия до 7.2 (исключая)

cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_1:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_10:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_11:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_12:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_13:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_14:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_15:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_16:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_17:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_18:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_19:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_2:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_3:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_4:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_5:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_6:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_7:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_8:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_9:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_1:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_2:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_3:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_4:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_5:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_6:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_7:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_1:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_2:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:service_pack_1:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:service_pack_3:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update10:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update4:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update5:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update6:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update7:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update8:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.3:update9:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update10:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update11:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update12:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update13:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update14:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update15:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update16:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update17:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update18:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update19:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update2:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update20:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update22:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update23:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update24:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update25:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update26:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update27:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update28:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update29:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update3:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update30:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update31:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update32:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update33:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update35:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update37:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update4:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update5:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update6:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update7:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update8:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update9:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00141

Низкий

9.6 Critical

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-rwhv-hvj2-qrqm

CVSS3: 9.6

github

почти 2 года назад

Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting

EPSS

Процентиль: 34%

0.00141

Низкий

9.6 Critical

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79