Description
The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions, does not check the URL of the IFrame, which allows remote authenticated users to cause a denial of service (DoS) via a self-referencing IFrame.
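The kind of URL check the description says is missing, as an added example that is not Liferay's code or its actual fix. The function name `checkFrameSrc` and the `portal.example` URLs are hypothetical and constructed for illustration.

```javascript
'use strict';

// Hypothetical helper: treat "/a/b/" and "/a/b" as the same page path.
function normalizePath(pathname) {
  const trimmed = pathname.replace(/\/+$/, '');
  return trimmed === '' ? '/' : trimmed;
}

// Hypothetical validator for a configured iframe source.
// frameSrc: value an authenticated user saved in the widget configuration.
// pageUrl:  absolute URL of the page that will render the widget.
// Returns 'ok', 'invalid-url' or 'self-reference'.
function checkFrameSrc(frameSrc, pageUrl) {
  let page;
  let frame;
  try {
    page = new URL(pageUrl);
    // Resolve against the page so relative, empty and fragment-only
    // values are compared in the form the browser would load them.
    frame = new URL(frameSrc, page);
  } catch (err) {
    return 'invalid-url'; // fail closed on anything unparseable
  }
  // URL parsing already lowercases the host, drops default ports and
  // collapses "../" segments. Query and fragment are ignored on purpose:
  // the same page with different parameters still renders the widget.
  const samePage =
    frame.origin === page.origin &&
    normalizePath(frame.pathname) === normalizePath(page.pathname);
  return samePage ? 'self-reference' : 'ok';
}

// Constructed sample values.
const PAGE = 'https://portal.example/web/guest/home';
const samples = [
  'https://PORTAL.example:443/web/guest/home/#x',
  '../guest/home?p=1',
  '',
  'https://docs.example/help',
];
for (const src of samples) {
  console.log(JSON.stringify(src), '->', checkFrameSrc(src, PAGE));
}
```

This covers only the direct self reference named in the description; it does not follow redirects or detect a cycle that spans several pages.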
Remediation
References