CVE-2024-25145

🗓️ 07 Feb 2024 14:57:33Reported by LiferayType

Security vulnerability in Liferay Portal Search modul

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2024-25145	7 Feb 202416:22	–	circl
CNNVD	Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerabilities	7 Feb 202400:00	–	cnnvd
CVE	CVE-2024-25145	7 Feb 202414:57	–	cve
EUVD	EUVD-2024-0601	3 Oct 202520:07	–	euvd
Github Security Blog	Liferay Portal stored cross-site scripting (XSS) vulnerability	7 Feb 202415:30	–	github
NVD	CVE-2024-25145	7 Feb 202415:15	–	nvd
OSV	CVE-2024-25145	7 Feb 202415:15	–	osv
OSV	GHSA-9VGQ-W5PV-V77Q Liferay Portal stored cross-site scripting (XSS) vulnerability	7 Feb 202415:30	–	osv
Prion	Cross site scripting	7 Feb 202415:15	–	prion
RedhatCVE	CVE-2024-25145	5 Feb 202513:06	–	redhatcve

[
  {
    "defaultStatus": "unknown",
    "product": "Portal",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.3.11",
        "status": "affected",
        "version": "7.2.0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "DXP",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.13.u7",
        "status": "affected",
        "version": "7.4.13",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "7.3.10-dxp-3",
        "status": "affected",
        "version": "7.3.10",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "7.2.10-dxp-16",
        "status": "affected",
        "version": "7.2.10",
        "versionType": "maven"
      }
    ]
  }
]

Source	Link
liferay	www.liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145

07 Feb 2024 14:57Current

7.5High risk

Vulners AI Score7.5

CVSS 3.19.6

EPSS0.00563

CWE-79