2 matches found
CVE-2024-25610
CVE-2024-25610 affects Liferay Portal 7.2.0–7.4.3.12 and Liferay DXP 7.2–7.4 with specific updates. The root cause is a default configuration that does not sanitize JavaScript in blog content, allowing remote authenticated users to inject arbitrary web script or HTML (XSS) via a crafted payload i...
CVE-2024-25610
In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated use...