CVE-2024-26269

🗓️ 21 Feb 2024 02:39:41Reported by LiferayType

XSS vulnerability in Liferay Portal 7.2 - 7.4.3.37 & DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20 & older versions

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2024-26269	21 Feb 202404:21	–	circl
CNNVD	Liferay Portal and Liferay DXP Security Vulnerabilities	21 Feb 202400:00	–	cnnvd
Cvelist	CVE-2024-26269	21 Feb 202402:39	–	cvelist
EUVD	EUVD-2024-0722	3 Oct 202520:07	–	euvd
Github Security Blog	Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting	21 Feb 202403:30	–	github
NCSC	Vulnerabilities fixed in Liferay Portal and DXP	22 Feb 202400:00	–	ncsc
NVD	CVE-2024-26269	21 Feb 202403:15	–	nvd
OSV	CVE-2024-26269	21 Feb 202403:15	–	osv
OSV	GHSA-RWHV-HVJ2-QRQM Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting	21 Feb 202403:30	–	osv
Prion	Cross site scripting	21 Feb 202403:15	–	prion

NVD

Vulners

Vulnrichment

Node

liferay liferay_portalRange7.2.0–7.4.3.38

Node

liferay digital_experience_platformRange<7.2

liferay digital_experience_platformMatch7.2-

liferay digital_experience_platformMatch7.2fix_pack_1

liferay digital_experience_platformMatch7.2fix_pack_10

liferay digital_experience_platformMatch7.2fix_pack_11

liferay digital_experience_platformMatch7.2fix_pack_12

liferay digital_experience_platformMatch7.2fix_pack_13

liferay digital_experience_platformMatch7.2fix_pack_14

liferay digital_experience_platformMatch7.2fix_pack_15

liferay digital_experience_platformMatch7.2fix_pack_16

liferay digital_experience_platformMatch7.2fix_pack_17

liferay digital_experience_platformMatch7.2fix_pack_18

liferay digital_experience_platformMatch7.2fix_pack_19

liferay digital_experience_platformMatch7.2fix_pack_2

liferay digital_experience_platformMatch7.2fix_pack_3

liferay digital_experience_platformMatch7.2fix_pack_4

liferay digital_experience_platformMatch7.2fix_pack_5

liferay digital_experience_platformMatch7.2fix_pack_6

liferay digital_experience_platformMatch7.2fix_pack_7

liferay digital_experience_platformMatch7.2fix_pack_8

liferay digital_experience_platformMatch7.2fix_pack_9

liferay digital_experience_platformMatch7.2service_pack_1

liferay digital_experience_platformMatch7.2service_pack_2

liferay digital_experience_platformMatch7.2service_pack_3

liferay digital_experience_platformMatch7.2service_pack_4

liferay digital_experience_platformMatch7.2service_pack_5

liferay digital_experience_platformMatch7.2service_pack_6

liferay digital_experience_platformMatch7.2service_pack_7

liferay digital_experience_platformMatch7.3-

liferay digital_experience_platformMatch7.3fix_pack_1

liferay digital_experience_platformMatch7.3fix_pack_2

liferay digital_experience_platformMatch7.3service_pack_1

liferay digital_experience_platformMatch7.3service_pack_3

liferay digital_experience_platformMatch7.3update10

liferay digital_experience_platformMatch7.3update4

liferay digital_experience_platformMatch7.3update5

liferay digital_experience_platformMatch7.3update6

liferay digital_experience_platformMatch7.3update7

liferay digital_experience_platformMatch7.3update8

liferay digital_experience_platformMatch7.3update9

liferay digital_experience_platformMatch7.4-

liferay digital_experience_platformMatch7.4update1

liferay digital_experience_platformMatch7.4update10

liferay digital_experience_platformMatch7.4update11

liferay digital_experience_platformMatch7.4update12

liferay digital_experience_platformMatch7.4update13

liferay digital_experience_platformMatch7.4update14

liferay digital_experience_platformMatch7.4update15

liferay digital_experience_platformMatch7.4update16

liferay digital_experience_platformMatch7.4update17

liferay digital_experience_platformMatch7.4update18

liferay digital_experience_platformMatch7.4update19

liferay digital_experience_platformMatch7.4update2

liferay digital_experience_platformMatch7.4update20

liferay digital_experience_platformMatch7.4update21

liferay digital_experience_platformMatch7.4update22

liferay digital_experience_platformMatch7.4update23

liferay digital_experience_platformMatch7.4update24

liferay digital_experience_platformMatch7.4update25

liferay digital_experience_platformMatch7.4update26

liferay digital_experience_platformMatch7.4update27

liferay digital_experience_platformMatch7.4update28

liferay digital_experience_platformMatch7.4update29

liferay digital_experience_platformMatch7.4update3

liferay digital_experience_platformMatch7.4update30

liferay digital_experience_platformMatch7.4update31

liferay digital_experience_platformMatch7.4update32

liferay digital_experience_platformMatch7.4update33

liferay digital_experience_platformMatch7.4update34

liferay digital_experience_platformMatch7.4update35

liferay digital_experience_platformMatch7.4update36

liferay digital_experience_platformMatch7.4update37

liferay digital_experience_platformMatch7.4update4

liferay digital_experience_platformMatch7.4update5

liferay digital_experience_platformMatch7.4update6

liferay digital_experience_platformMatch7.4update7

liferay digital_experience_platformMatch7.4update8

liferay digital_experience_platformMatch7.4update9

[
  {
    "defaultStatus": "unaffected",
    "product": "Portal",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.3.37",
        "status": "affected",
        "version": "7.2.0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unknown",
    "product": "DXP",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.13.u37",
        "status": "affected",
        "version": "7.4.13",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "7.3.10.u10",
        "status": "affected",
        "version": "7.3.10",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "7.2.10-dxp-19",
        "status": "affected",
        "version": "7.2.10",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
liferay	www.liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269

28 Jan 2025 02:31Current

7.5High risk

Vulners AI Score7.5

CVSS 3.16.1 - 9.6

EPSS0.00147

SSVC

CWE-79