CVE-2024-25610

CVSS 3.1 Score 9.0 of 10 (high)

Details

Published Feb 20, 2024
CWE ID 1188

Summary

CVE-2024-25610 is a vulnerability affecting Liferay Portal versions 7.2.0 through 7.4.3.12 and older unsupported editions, as well as Liferay DXP versions 7.4 before update 9, 7.3 before update 4, and 7.2 before fix pack 19. The issue arises because the default configuration does not sanitize JavaScript in blog entries. Consequently, authenticated remote users can inject arbitrary web scripts or HTML (Cross-Site Scripting, or XSS) into a blog entry's content text field. This poses a significant risk to the affected systems, as attackers can potentially steal user credentials or gain unauthorized access.
