Description

Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field

Remediation

References

CVE-2024-11993

Related Vulnerabilities

WordPress Plugin Woocommerce Product Designer Arbitrary File Upload (3.0.3)

WordPress Plugin Sticky Menu, Sticky Header (or anything!) on Scroll Cross-Site Request Forgery (2.2)

WordPress Plugin WooCommerce Customers Manager Multiple Vulnerabilities (26.5)

WordPress Plugin Beautiful FAQ for WordPress-Everest FAQ Manager Lite includes Backdoor [Only if downloaded via the vendor website] (1.0.8)

Oracle Database Server CVE-2009-1979 Vulnerability (CVE-2009-1979)

Severity

Medium

Classification

CVE-2024-11993 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities