Description

Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field

Remediation

References

CVE-2024-11993

Related Vulnerabilities

Mailman Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-6893)

TYPO3 Uncontrolled Recursion Vulnerability (CVE-2022-23500)

WordPress Plugin Token Manager 'tid' Parameter Multiple Cross-Site Scripting Vulnerabilities (1.0.2)

Apache HTTP Server Resource Management Errors Vulnerability (CVE-2016-8740)

WordPress Plugin Contact Form Email Multiple Vulnerabilities (1.1.4)

Severity

Medium

Classification

CVE-2024-11993 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities