Description

The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.

Remediation

References

CVE-2024-25144

Related Vulnerabilities

Dolibarr Incorrect Authorization Vulnerability (CVE-2020-12669)

MySQL CVE-2015-4826 Vulnerability (CVE-2015-4826)

XWiki Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2022-23619)

MySQL CVE-2022-21638 Vulnerability (CVE-2022-21638)

WordPress 2.0.9 Multiple Vulnerabilities (2.0 - 2.0.9)

Severity

Medium

Classification

CVE-2024-25144 CWE-834 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities