5 matches found
CVE-2024-25148
In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the doAsUserId URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user...
CVE-2024-25148
creationtimestamp| type| source ---|---|--- 2024-02-08 05:31:40+00:00| seen| https://t.me/ctinow/181163 2024-03-02 07:36:44+00:00| seen| https://t.me/ctinow/198253...
CVE-2024-25148
In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the doAsUserId URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user...
CVE-2024-25148
In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the doAsUserId URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user...
CVE-2024-25148
CVE-2024-25148 affects Liferay Portal versions 7.2.0–7.4.1 and certain Liferay DXP/older unsupported releases. The vulnerability stems from leakage of the doAsUserId URL parameter when creating linked content with the WYSIWYG editor and while impersonating a user, enabling remote authenticated us...