Description

XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources via the Java2WsddTask._format method.

Remediation

References

CVE-2024-25606

Related Vulnerabilities

PHP Improper Input Validation Vulnerability (CVE-2016-10397)

WordPress Plugin Testimonial-Best Testimonial Slider Cross-Site Scripting (2.1.6)

WordPress Plugin User Login Log Cross-Site Scripting (2.2.2)

WordPress Plugin Analytics-Gtag Restricted File Upload (1.8.1)

Magento Insufficient Session Expiration Vulnerability (CVE-2021-21032)

Severity

High

Classification

CVE-2024-25606 CWE-611 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:H

Tags

Missing Update Known Vulnerabilities