CVE-2024-25145

🗓️ 07 Feb 2024 14:57:33Reported by LiferayType

Stored XSS in Liferay Portal 7.2-7.4.3.11 & DXP 7.4 before update

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2024-25145	7 Feb 202416:22	–	circl
CNNVD	Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerabilities	7 Feb 202400:00	–	cnnvd
Cvelist	CVE-2024-25145	7 Feb 202414:57	–	cvelist
EUVD	EUVD-2024-0601	3 Oct 202520:07	–	euvd
Github Security Blog	Liferay Portal stored cross-site scripting (XSS) vulnerability	7 Feb 202415:30	–	github
NVD	CVE-2024-25145	7 Feb 202415:15	–	nvd
OSV	CVE-2024-25145	7 Feb 202415:15	–	osv
OSV	GHSA-9VGQ-W5PV-V77Q Liferay Portal stored cross-site scripting (XSS) vulnerability	7 Feb 202415:30	–	osv
Prion	Cross site scripting	7 Feb 202415:15	–	prion
RedhatCVE	CVE-2024-25145	5 Feb 202513:06	–	redhatcve

NVD

Vulners

Vulnrichment

Node

liferay digital_experience_platformRange<7.2

liferay digital_experience_platformMatch7.2-

liferay digital_experience_platformMatch7.2fix_pack_1

liferay digital_experience_platformMatch7.2fix_pack_10

liferay digital_experience_platformMatch7.2fix_pack_11

liferay digital_experience_platformMatch7.2fix_pack_12

liferay digital_experience_platformMatch7.2fix_pack_13

liferay digital_experience_platformMatch7.2fix_pack_14

liferay digital_experience_platformMatch7.2fix_pack_15

liferay digital_experience_platformMatch7.2fix_pack_2

liferay digital_experience_platformMatch7.2fix_pack_3

liferay digital_experience_platformMatch7.2fix_pack_4

liferay digital_experience_platformMatch7.2fix_pack_5

liferay digital_experience_platformMatch7.2fix_pack_6

liferay digital_experience_platformMatch7.2fix_pack_7

liferay digital_experience_platformMatch7.2fix_pack_8

liferay digital_experience_platformMatch7.2fix_pack_9

liferay dxpMatch7.3-

liferay dxpMatch7.3fix_pack_2

liferay dxpMatch7.3sp1

liferay dxpMatch7.3sp2

liferay dxpMatch7.3sp3

liferay dxpMatch7.3update_1

liferay dxpMatch7.3update_2

liferay dxpMatch7.3update_3

liferay dxpMatch7.4-

liferay dxpMatch7.4update_1

liferay dxpMatch7.4update_2

liferay dxpMatch7.4update_3

liferay dxpMatch7.4update_4

liferay dxpMatch7.4update_5

liferay dxpMatch7.4update_6

liferay dxpMatch7.4update_7

liferay liferay_portalRange≤7.2.1

liferay liferay_portalRange7.3.0–7.3.7

liferay liferay_portalRange7.4.0–7.4.3.12

[
  {
    "defaultStatus": "unknown",
    "product": "Portal",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.3.11",
        "status": "affected",
        "version": "7.2.0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "DXP",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.13.u7",
        "status": "affected",
        "version": "7.4.13",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "7.3.10-dxp-3",
        "status": "affected",
        "version": "7.3.10",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "7.2.10-dxp-16",
        "status": "affected",
        "version": "7.2.10",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
liferay	www.liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145

13 May 2025 18:17Current

5Medium risk

Vulners AI Score5

CVSS 3.15.4 - 9.6

EPSS0.00152

SSVC

CWE-79