CVE-2024-26269

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-26269
Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via the anchor (hash) part of a URL.

9.6 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269 Vendor Advisory
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_1:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_10:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_11:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_12:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_13:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_14:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_15:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_16:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_17:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_18:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_19:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_2:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_3:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_4:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_5:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_6:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_7:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_8:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_9:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_1:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_2:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_3:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_4:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_5:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_6:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_7:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_1:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_2:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:service_pack_1:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:service_pack_3:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:update10:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:update4:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:update5:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:update6:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:update7:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:update8:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:update9:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update10:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update11:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update12:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update13:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update14:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update15:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update16:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update17:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update18:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update19:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update2:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update20:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update22:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update23:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update24:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update25:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update26:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update27:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update28:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update29:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update3:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update30:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update31:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update32:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update33:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update35:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update37:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update4:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update5:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update6:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update7:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update8:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update9:*:*:*:*:*:*
History

28 Jan 2025, 02:31

Type Values Removed Values Added
First Time Liferay liferay Portal
Liferay digital Experience Platform
Liferay
References () https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269 - () https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269 - Vendor Advisory
CPE cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_19:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_2:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_3:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_4:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update33:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_6:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update26:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:update8:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_8:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_2:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update31:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_9:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update10:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_10:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update9:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_11:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update30:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_4:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update20:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_3:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update5:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:update5:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:service_pack_1:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_16:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_1:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update14:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update18:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update35:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update29:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:update7:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_18:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_14:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_13:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update22:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_15:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:update9:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update11:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update7:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:update4:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update24:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_7:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update32:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update3:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_12:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update2:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update19:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update23:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_2:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update27:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update17:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_6:*:*:*:*:*:*
cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:service_pack_3:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update25:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_1:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update37:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_17:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_5:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update8:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update15:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update4:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:update6:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update12:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_1:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_7:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.3:update10:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_5:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update16:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update6:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update28:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update13:*:*:*:*:*:*
Information

Published : 2024-02-21 03:15

Updated : 2025-01-28 02:31

NVD link : CVE-2024-26269

Mitre link : CVE-2024-26269

CVE.ORG link : CVE-2024-26269

JSON object : View

Products Affected

liferay

  • liferay_portal
  • digital_experience_platform
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')