Description

Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field

Remediation

References

CVE-2024-11993

Related Vulnerabilities

MySQL CVE-2020-2686 Vulnerability (CVE-2020-2686)

Frontaccounting Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5117)

PHP Address Book Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-1748)

WordPress Plugin Booking.com Product Helper Unspecified Vulnerability (1.0.3)

WordPress Plugin WordPress Appointment Schedule Booking System Cross-Site Scripting (1.0)

Severity

Medium

Classification

CVE-2024-11993 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities