CVE-2024-26269

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-26269

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26269.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-26269

Aliases

GHSA-rwhv-hvj2-qrqm

Published

2024-02-21T03:15:09Z

Modified

2025-02-25T19:49:24Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via the anchor (hash) part of a URL.

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type: GIT
Repo: https://github.com/liferay/liferay-portal
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

529f1c34430810ef27fdd197c6513c11dbd9ea5e