CVE-2024-25145

CVSS v3.1 5.4 (Medium)
EPSS 0.05 % (19th)
Affected Products 2
Advisories 1

Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions. When highlighting is disabled, remote authenticated users can inject arbitrary web script or HTML into the Search Result app's search result by adding any searchable content (e.g., blog, message board message, web content article) to the application.

Weaknesses: CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE Status: PUBLISHED
CNA: Liferay Inc.
Published Date: 2024-02-07 15:15:09 (7 months ago)
Updated Date: 2024-02-15 15:10:35 (7 months ago)

Affected Products


Configuration #1

  Product | CPE23 | From | Up To
  Liferay Dxp prior 7.2 version | cpe:2.3:a:liferay:dxp | | < 7.2
  Liferay Dxp 7.2 | cpe:2.3:a:liferay:dxp:7.2:- | |
  Liferay Dxp 7.2 Fix Pack 1 | cpe:2.3:a:liferay:dxp:7.2:fix_pack_1 | |
  Liferay Dxp 7.2 Fix Pack 10 | cpe:2.3:a:liferay:dxp:7.2:fix_pack_10 | |
  Liferay Dxp 7.2 Fix Pack 11 | cpe:2.3:a:liferay:dxp:7.2:fix_pack_11 | |
  Liferay Dxp 7.2 Fix Pack 12 | cpe:2.3:a:liferay:dxp:7.2:fix_pack_12 | |
  Liferay Dxp 7.2 Fix Pack 13 | cpe:2.3:a:liferay:dxp:7.2:fix_pack_13 | |
  Liferay Dxp 7.2 Fix Pack 14 | cpe:2.3:a:liferay:dxp:7.2:fix_pack_14 | |
  Liferay Dxp 7.2 Fix Pack 15 | cpe:2.3:a:liferay:dxp:7.2:fix_pack_15 | |
  Liferay Dxp 7.2 Fix Pack 2 | cpe:2.3:a:liferay:dxp:7.2:fix_pack_2 | |
  Liferay Dxp 7.2 Fix Pack 3 | cpe:2.3:a:liferay:dxp:7.2:fix_pack_3 | |
  Liferay Dxp 7.2 Fix Pack 4 | cpe:2.3:a:liferay:dxp:7.2:fix_pack_4 | |
  Liferay Dxp 7.2 Fix Pack 5 | cpe:2.3:a:liferay:dxp:7.2:fix_pack_5 | |
  Liferay Dxp 7.2 Fix Pack 6 | cpe:2.3:a:liferay:dxp:7.2:fix_pack_6 | |
  Liferay Dxp 7.2 Fix Pack 7 | cpe:2.3:a:liferay:dxp:7.2:fix_pack_7 | |
  Liferay Dxp 7.2 Fix Pack 8 | cpe:2.3:a:liferay:dxp:7.2:fix_pack_8 | |
  Liferay Dxp 7.2 Fix Pack 9 | cpe:2.3:a:liferay:dxp:7.2:fix_pack_9 | |
  Liferay Dxp 7.3 | cpe:2.3:a:liferay:dxp:7.3:- | |
  Liferay Dxp 7.3 Fix Pack 2 | cpe:2.3:a:liferay:dxp:7.3:fix_pack_2 | |
  Liferay Dxp 7.3 SP1 | cpe:2.3:a:liferay:dxp:7.3:sp1 | |
  Liferay Dxp 7.3 SP2 | cpe:2.3:a:liferay:dxp:7.3:sp2 | |
  Liferay Dxp 7.3 SP3 | cpe:2.3:a:liferay:dxp:7.3:sp3 | |
  Liferay Dxp 7.3 Update 1 | cpe:2.3:a:liferay:dxp:7.3:update_1 | |
  Liferay Dxp 7.3 Update 2 | cpe:2.3:a:liferay:dxp:7.3:update_2 | |
  Liferay Dxp 7.3 Update 3 | cpe:2.3:a:liferay:dxp:7.3:update_3 | |
  Liferay Dxp 7.4 | cpe:2.3:a:liferay:dxp:7.4:- | |
  Liferay Dxp 7.4 Update 1 | cpe:2.3:a:liferay:dxp:7.4:update_1 | |
  Liferay Dxp 7.4 Update 2 | cpe:2.3:a:liferay:dxp:7.4:update_2 | |
  Liferay Dxp 7.4 Update 3 | cpe:2.3:a:liferay:dxp:7.4:update_3 | |
  Liferay Dxp 7.4 Update 4 | cpe:2.3:a:liferay:dxp:7.4:update_4 | |
  Liferay Dxp 7.4 Update 5 | cpe:2.3:a:liferay:dxp:7.4:update_5 | |
  Liferay Dxp 7.4 Update 6 | cpe:2.3:a:liferay:dxp:7.4:update_6 | |
  Liferay Dxp 7.4 Update 7 | cpe:2.3:a:liferay:dxp:7.4:update_7 | |
  Liferay Portal 7.2.1 and prior versions | cpe:2.3:a:liferay:liferay_portal | | <= 7.2.1
  Liferay Portal from 7.3.0 version and 7.3.7 and prior versions | cpe:2.3:a:liferay:liferay_portal | >= 7.3.0 | <= 7.3.7
  Liferay Portal from 7.4.0 version and prior 7.4.3.12 version | cpe:2.3:a:liferay:liferay_portal | >= 7.4.0 | < 7.4.3.12