CVE-2024-25147

🗓️ 21 Feb 2024 01:16:21Reported by LiferayType

CVE-2024-25147 XSS vulnerability in Liferay Portal 7.2.0 through 7.4.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2024-25147	21 Feb 202403:21	–	circl
CNNVD	Liferay Portal and Liferay DXP Security Vulnerabilities	21 Feb 202400:00	–	cnnvd
Cvelist	CVE-2024-25147	21 Feb 202401:16	–	cvelist
EUVD	EUVD-2024-0769	3 Oct 202520:07	–	euvd
Github Security Blog	Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting	21 Feb 202403:30	–	github
NVD	CVE-2024-25147	21 Feb 202402:15	–	nvd
OSV	CVE-2024-25147	21 Feb 202402:15	–	osv
OSV	GHSA-XPJG-7HX7-WGCX Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting	21 Feb 202403:30	–	osv
Prion	Cross site scripting	21 Feb 202402:15	–	prion
RedhatCVE	CVE-2024-25147	5 Feb 202513:09	–	redhatcve

NVD

Vulners

Vulnrichment

Node

liferay liferay_portalRange<7.4.2

Node

liferay digital_experience_platformRange<7.2

liferay digital_experience_platformMatch7.2-

liferay digital_experience_platformMatch7.2fix_pack_1

liferay digital_experience_platformMatch7.2fix_pack_10

liferay digital_experience_platformMatch7.2fix_pack_11

liferay digital_experience_platformMatch7.2fix_pack_12

liferay digital_experience_platformMatch7.2fix_pack_13

liferay digital_experience_platformMatch7.2fix_pack_14

liferay digital_experience_platformMatch7.2fix_pack_2

liferay digital_experience_platformMatch7.2fix_pack_3

liferay digital_experience_platformMatch7.2fix_pack_4

liferay digital_experience_platformMatch7.2fix_pack_5

liferay digital_experience_platformMatch7.2fix_pack_6

liferay digital_experience_platformMatch7.2fix_pack_7

liferay digital_experience_platformMatch7.2fix_pack_8

liferay digital_experience_platformMatch7.2fix_pack_9

liferay digital_experience_platformMatch7.2service_pack_1

liferay digital_experience_platformMatch7.2service_pack_2

liferay digital_experience_platformMatch7.2service_pack_3

liferay digital_experience_platformMatch7.2service_pack_4

liferay digital_experience_platformMatch7.2service_pack_5

liferay digital_experience_platformMatch7.3-

liferay digital_experience_platformMatch7.3fix_pack_1

liferay digital_experience_platformMatch7.3fix_pack_2

liferay digital_experience_platformMatch7.3service_pack_1

[
  {
    "defaultStatus": "unknown",
    "product": "Portal",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.1",
        "status": "affected",
        "version": "7.2.0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unknown",
    "product": "DXP",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.3.10-dxp-2",
        "status": "affected",
        "version": "7.3.10",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "7.2.10-dxp-14",
        "status": "affected",
        "version": "7.2.10",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
liferay	www.liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25147

28 Jan 2025 21:25Current

7.5High risk

Vulners AI Score7.5

CVSS 3.16.1 - 9.6

EPSS0.00147

SSVC

CWE-79