Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-26266

Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the first/middle/last name text field of the user who creates an entry in the (1) Announcement widget, or (2) Alerts widget.

Published

2024-02-21T03:15:09.353

Last Modified

2025-01-28T02:33:22.940

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.0 (CRITICAL)

Weaknesses
  • Type: Secondary
    CWE-79
  • Type: Primary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application liferay liferay_portal < 7.4.3.14 Yes
Application liferay digital_experience_platform < 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.3 Yes
Application liferay digital_experience_platform 7.3 Yes
Application liferay digital_experience_platform 7.3 Yes
Application liferay digital_experience_platform 7.3 Yes
Application liferay digital_experience_platform 7.3 Yes
Application liferay digital_experience_platform 7.4 Yes
Application liferay digital_experience_platform 7.4 Yes
Application liferay digital_experience_platform 7.4 Yes
Application liferay digital_experience_platform 7.4 Yes
Application liferay digital_experience_platform 7.4 Yes
Application liferay digital_experience_platform 7.4 Yes
Application liferay digital_experience_platform 7.4 Yes
Application liferay digital_experience_platform 7.4 Yes
Application liferay digital_experience_platform 7.4 Yes
Application liferay digital_experience_platform 7.4 Yes
References