Description

The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.

Remediation

References

CVE-2024-25144

Related Vulnerabilities

MySQL CVE-2018-3277 Vulnerability (CVE-2018-3277)

Java Unspesificed Vulnerability (CVE-2019-2684)

Oracle JRE CVE-2021-2388 Vulnerability (CVE-2021-2388)

PHP Numeric Errors Vulnerability (CVE-2016-10158)

Ruby on Rails Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-8162)

Severity

Medium

Classification

CVE-2024-25144 CWE-834 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities