CVE-2024-11993
published 2024-12-17CVE-2024-11993: Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers…
medium4.6CVSS 4.0
AVNACLATNPRHUIAVCLVILVANSCLSILSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| liferay | digital_experience_platform | — | — |
| liferay | digital_experience_platform | >= 7.1 < 7.4 | 7.4 |
| liferay | dxp | 7.4.13 – 7.4.13-u38 | — |
| liferay | liferay_portal | >= 7.1.0 < 7.4.3.39 | 7.4.3.39 |
| liferay | portal | 7.4.0 – 7.4.3.38 | — |