Description

User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time.

Remediation

References

CVE-2024-26268

Related Vulnerabilities

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19995)

WordPress Plugin PublishPress Future: Automatically Unpublish WordPress Posts Security Bypass (2.5.1)

phpMyAdmin Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4729)

WordPress Plugin Redirection Multiple Cross-Site Scripting Vulnerabilities (2.2.11)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-31551)

Severity

Medium

Classification

CVE-2024-26268 CWE-203 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities