- Description
- Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.1.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38, 7.3 GA through update 36, 7.2 GA through fix pack 20 and 7.1 GA through fix pack 28 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field
- Source
- security@liferay.com
- NVD status
- Analyzed
CVSS 4.0
- Type
- Secondary
- Base score
- 4.6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- security@liferay.com
- CWE-79
- Hype score
- Not currently trending
🚨 CVE-2024-11993 (Published: 2024-12-17) - A high-severity vulnerability in Liferay affects multiple versions. Users are urged to update to the latest release to mitigate risks. For detailed remediation steps, visit: https://t.co/5AsLPTnRT8 #CyberSecurity #Liferay
@transilienceai
18 Dec 2024
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-11993 (Published: 2024-12-17) - A high-severity vulnerability in Liferay affects multiple versions. Ensure your systems are updated to the latest release to mitigate risks. For detailed remediation steps, visit: https://t.co/5AsLPTnRT8 #CyberSecurity #Liferay
@transilienceai
18 Dec 2024
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11993 Reflected XSS Vulnerability in Liferay Portal Allows Remote Script Execution Liferay Portal versions 7.1.0 to 7.4.3.38, and Liferay DXP versions 7.4 GA to update 38, 7.3 GA to update 36, 7.2 GA to ... https://t.co/5tvWLJrEMv
@VulmonFeeds
17 Dec 2024
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DA343855-76B8-47E3-BBB3-31374B1CD8BA",
"versionEndExcluding": "7.4.3.39",
"versionStartIncluding": "7.1.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9DDBD8B4-51C6-4D66-8B59-E61BEDF90D30",
"versionEndExcluding": "7.4",
"versionStartIncluding": "7.1"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "96E84DBC-C740-4E23-8D1D-83C8AE49813E"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8B1B2384-764F-43CC-8206-36DCBE9DDCBF"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C7B02106-D5EA-4A59-A959-CCE2AC8F55BC"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80204464-5DC5-4A52-B844-C833A96E6BD4"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6F8A5D02-0B45-4DA9-ACD8-42C1BFF62827"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38DA7C99-AC2C-4B9A-B611-4697159E1D79"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update14:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F264AD07-D105-4F00-8920-6D8146E4FA63"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update15:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C929CF16-4725-492A-872B-0928FE388FC9"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update16:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1B8750A1-E481-48D4-84F4-97D1ABE15B46"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update17:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "454F8410-D9AC-481E-841C-60F0DF2CC25E"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update18:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1A442EE-460F-4823-B9EF-4421050F0847"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update19:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "608B205D-0B79-4D1C-B2C1-64C31DB1896E"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "10B863B8-201D-494C-8175-168820996174"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update20:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4427DC78-E80C-4057-A295-B0731437A99E"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "22B6B8C1-1FF3-41BC-9576-16193AE20CC7"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update22:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DDA17F24-1A7E-4BEB-9C98-41761A2A36A2"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update23:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B062851-CE6B-44F4-8222-422EC9872EC3"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update24:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D4687FDA-0078-4E89-ADD8-7EDDA68261A4"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update25:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7EA29B09-CC24-4063-96A5-96AA08C0886D"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update26:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "331FC246-D3E9-4711-B305-BE51BF743CF7"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update27:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A5823BC0-8C11-4C31-9E99-3C9D82918E2A"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update28:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E2E6CB66-1AE1-4626-8070-64C250ED8363"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update29:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B63449AA-6831-4290-B1FA-0BB806820402"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CBF766CE-CBB8-472A-BAF0-BD39A7BCB4DE"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update30:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B3B169F6-B8B8-4612-AD7D-F75CC6A9297B"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update31:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "12D46756-D26D-4877-ACE8-1C2721908428"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update32:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5403DCEF-20C2-4568-8DF1-30804F522915"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update33:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "90E39742-90BE-4DEB-AB78-F9B8F7333F9A"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9D07DB20-9DCF-4C05-99D2-F6B37A082C14"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update35:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "341D1157-8118-4BD3-A902-36E90E066706"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1AB71307-7EAA-436A-9CBC-5A94F034FB48"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update37:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9446B3A5-6647-416C-92AF-7B6E0E929765"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update38:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06386C7A-CAA1-4FC4-9182-5A66342FB903"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "182FAA46-D9FB-4170-B305-BAD0DF6E5DE9"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DF1BB9E6-D690-4C12-AEF0-4BD712869CBA"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "653A0452-070F-4312-B94A-F5BCB01B9BDC"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "15B67345-D0AF-4BFD-A62D-870F75306A4F"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DE1F4262-A054-48CC-BF1D-AA77A94FFFE4"
},
{
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D176CECA-2821-49EA-86EC-1184C133C0A3"
}
],
"operator": "OR"
}
]
}
]