Description

Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names.

Remediation

References

CVE-2024-25150

Related Vulnerabilities

WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8354)

WordPress Plugin WORDPRESS VIDEO GALLERY SQL Injection (2.0)

Liferay Portal Origin Validation Error Vulnerability (CVE-2022-25146)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk SQL Injection (5.153.3)

Liferay DXP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-43762)

Severity

Medium

Classification

CVE-2024-25150 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities