2 matches found
CVE-2024-25151
The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote...
CVE-2024-25151
CVE-2024-25151 affects Liferay Portal 7.2.0–7.4.2 and Liferay DXP 7.3 before SP3, 7.2 before FP15, and older versions. The Calendar module does not escape user-supplied data in the default notification email template, enabling remote authenticated users to inject script/HTML via the calendar even...