CVE-2024-11993: Liferay Portal and Liferay DXP vulnerable to Criss-site Scripting

December 17, 2024

Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.1.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38, 7.3 GA through update 36, 7.2 GA through fix pack 20 and 7.1 GA through fix pack 28 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field

References

github.com/advisories/GHSA-4hxr-28mv-q729
github.com/liferay/liferay-portal
liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-11993
nvd.nist.gov/vuln/detail/CVE-2024-11993

Detect and mitigate CVE-2024-11993 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →