Description

Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field

Remediation

References

CVE-2024-11993

Related Vulnerabilities

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4525)

MySQL CVE-2014-6494 Vulnerability (CVE-2014-6494)

Joomla Deserialization of Untrusted Data Vulnerability (CVE-2019-7743)

IBM RTC CVE-2017-1191 Vulnerability (CVE-2017-1191)

WordPress Plugin WP Poll Maker-Best WordPress Poll for Voting Contest Arbitrary File Upload (3.4)

Severity

Medium

Classification

CVE-2024-11993 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities