← voltar
CVE-2024-25147

CVE-2024-25147

CVSS 9.6 CRITICALEPSS 0.6%CWE-79
Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via crafted javascript: style links.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Produtos afetados
Liferay · DXPLiferay · Portal

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25147