Lucene search
GoogleOSV:CVE-2024-25145HistoryFeb 07, 2024 - 3:15 p.m.
CVE-2024-25145
2024-02-0715:15:09
Google
osv.dev
5
stored cross-site scripting vulnerability
portal search module
liferay portal
liferay dxp
remote authenticated users
arbitrary web script injection
html injection
search result app
highlighting disabled
searchable content
Stored cross-site scripting (XSS) vulnerability in the Portal Search module’s Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML into the Search Result app’s search result if highlighting is disabled by adding any searchable content (e.g., blog, message board message, web content article) to the application.
Related
cvelist
cvelist
CVE-2024-25145
2024-02-07 14:57:33
nvd
nvd
CVE-2024-25145
2024-02-07 15:15:09
prion
prion
Cross site scripting
2024-02-07 15:15:00
cve
cve
CVE-2024-25145
2024-02-07 15:15:09
osv
osv
Liferay Portal stored cross-site scripting (XSS) vulnerability
2024-02-07 15:30:50
veracode
veracode
Cross Site Scripting (XSS)
2024-02-08 10:47:15
github
github
Liferay Portal stored cross-site scripting (XSS) vulnerability
2024-02-07 15:30:50