Description

Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field

Remediation

References

CVE-2024-11993

Related Vulnerabilities

WordPress Plugin Auto Post to Social Media-WordPress to Buffer Cross-Site Scripting (3.7.4)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0005)

WordPress Plugin CF7 Invisible reCAPTCHA Cross-Site Request Forgery (1.3.3)

phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2009-1285)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4569)

Severity

Medium

Classification

CVE-2024-11993 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities