Количество 2
Количество 2
CVE-2024-25148
In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content.
GHSA-qwj8-qgpr-8crm
Liferay Portal vulnerable to user impersonation
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-25148 In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content. | CVSS3: 5.4 | 0% Низкий | около 2 лет назад |
| GHSA-qwj8-qgpr-8crm Liferay Portal vulnerable to user impersonation | CVSS3: 8.1 | 0% Низкий | около 2 лет назад |
Уязвимостей на страницу