Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing

🗓️ 21 Feb 2024 06:32:30Reported by GoogleType

osv🔗 osv.dev👁 11 Views

Liferay Portal & DXP XSS and Content Spoofing Vulnerabilit

Reporter	Title	Published	Views	Family All 8
Veracode	Cross-site Scripting (XSS)	22 Feb 202407:21	–	veracode
Cvelist	CVE-2024-25151	21 Feb 202403:17	–	cvelist
CVE	CVE-2024-25151	21 Feb 202404:15	–	cve
Github Security Blog	Liferay Portal Calendar module and Liferay DXP vulnerable to Cross-site Scripting, content spoofing	21 Feb 202406:30	–	github
Vulnrichment	CVE-2024-25151	21 Feb 202403:17	–	vulnrichment
NVD	CVE-2024-25151	21 Feb 202404:15	–	nvd
Prion	Cross site scripting	21 Feb 202404:15	–	prion
Tenable Nessus	Liferay Portal 7.4.x < 7.4.3.4 Multiple Vulnerabilities	23 Feb 202400:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-25151
github	www.github.com/liferay/liferay-portal
liferay	www.liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25151

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 Feb 2024 06:30Current

5.6Medium risk

Vulners AI Score5.6

CVSS35.4

EPSS0.00053

SSVC