CVE-2024-26273
- Source
- https://cve.org/CVERecord?id=CVE-2024-26273
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26273.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-26273
- Aliases
- Published
- 2024-10-22T15:15:05.937Z
- Modified
- 2026-03-12T00:55:52.692350Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Cross-site request forgery (CSRF) vulnerability in the content page editor in Liferay Portal 7.4.0 through 7.4.3.103, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 update 29 through update 35 allows remote attackers to (1) change user passwords, (2) shut down the server, (3) execute arbitrary code in the scripting console, (4) and perform other administrative actions via the comliferaycommercecatalogwebinternalportletCommerceCatalogsPortlet_redirect parameter.
- References
Affected packages
Git / github.com/liferay/liferay-portal
Affected ranges
- Type
- GIT
- Repo
- https://github.com/liferay/liferay-portal
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedFixed
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "7.4-update1" }, { "introduced": "0" }, { "last_affected": "7.4-update2" }, { "introduced": "7.4.0" }, { "fixed": "7.4.3.104" } ] }
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "2023.q3.1"
},
{
"fixed": "2023.q3.6"
}
]
},
{
"events": [
{
"introduced": "2023.q4.0"
},
{
"fixed": "2023.q4.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update29"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update30"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update31"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update32"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update33"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update34"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update35"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update14"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update16"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update17"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update19"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update21"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update22"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update23"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update24"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update25"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update26"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update27"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update28"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update29"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update30"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update31"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update32"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update33"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update34"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update35"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update36"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update37"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update38"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update39"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update40"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update41"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update42"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update43"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update44"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update45"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update46"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update47"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update48"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update49"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update50"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update51"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update52"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update53"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update54"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update55"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update56"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update57"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update58"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update59"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update60"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update61"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update62"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update63"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update64"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update65"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update66"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update67"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update68"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update69"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update70"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update71"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update72"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update73"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update74"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update75"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update76"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update77"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update78"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update79"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update80"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update81"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update82"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update83"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update84"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update85"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update86"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update87"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update88"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update89"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update9"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update90"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update91"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.4-update92"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-26273.json"