CVE-2024-25151
CVE-2024-25151 affects Liferay Portal 7.2.0–7.4.2 and Liferay DXP 7.3 before SP3, 7.2 before FP15, and older versions. The Calendar module does not escape user-supplied data in the default notification email template, enabling remote authenticated users to inject script/HTML via the calendar even...