6.1
CVE-2024-11993
- EPSS 0.07%
- Published 17.12.2024 21:15:07
- Last modified 28.03.2025 20:15:20
- Source security@liferay.com
- Teams watchlist Login
- Open Login
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field
Data is provided by the National Vulnerability Database (NVD)
Liferay ≫ Liferay Portal Version >= 7.1.0 < 7.4.3.39
Liferay ≫ Digital Experience Platform Version >= 7.1 < 7.4
Liferay ≫ Digital Experience Platform Version7.4 Update-
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate1
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate10
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate11
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate12
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate13
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate14
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate15
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate16
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate17
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate18
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate19
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate2
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate20
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate21
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate22
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate23
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate24
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate25
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate26
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate27
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate28
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate29
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate3
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate30
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate31
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate32
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate33
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate34
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate35
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate36
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate37
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate38
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate4
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate5
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate6
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate7
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate8
Liferay ≫ Digital Experience Platform Version7.4 Updateupdate9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.216 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
| security@liferay.com | 4.6 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.