Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-25602)

Description

Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into an organization’s “Name” text field

Remediation

References

Related Vulnerabilities

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2242)

MediaWiki Improper Privilege Management Vulnerability (CVE-2020-10534)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1903)

OpenSSL Other Vulnerability (CVE-2015-0208)

WordPress Plugin Events Made Easy Cross-Site Scripting (2.2.23)

Severity

Medium

Classification

CVE-2024-25602 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities