Dxp@7.4 Security Vulnerabilities and Issues — Dxp@7.4 CVE List

Lucene search

LiferayDxp7.4

2 matches found

CVE•added 2024/02/07 3:15 p.m.•65 views

CVE-2024-25145

Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote au...

9.6CVSS5AI score0.00152EPSS

CVE•added 2024/02/08 4:15 a.m.•49 views

CVE-2024-25144

The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a deni...

6.5CVSS6.1AI score0.00318EPSS