Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-11993)

Description

Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field

Remediation

References

CVE-2024-11993

Related Vulnerabilities

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7987)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5487)

WordPress Plugin Video Gallery-Best WordPress YouTube Gallery Multiple Vulnerabilities (1.7.6)

WordPress Plugin Trashbin 'mtb_undelete' Parameter Cross-Site Scripting (0.1)

WordPress Plugin Custom Background 'uploadify.php' Arbitrary File Upload (1.01)

Severity

Medium

Classification

CVE-2024-11993 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N