admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-262xx/CVE-2024-26269.json
cad-safe-bot 9d8babeec3 Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00

60 lines
2.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-26269",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-21T03:15:09.527",
"lastModified": "2024-02-22T19:07:37.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via the anchor (hash) part of a URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-site scripting (XSS) en el portlet.js del m\u00f3dulo Frontend JS en Liferay Portal 7.2.0 hasta 7.4.3.37 y Liferay DXP 7.4 antes de la actualizaci\u00f3n 38, 7.3 antes de la actualizaci\u00f3n 11, 7.2 antes del fixpack 20 y versiones anteriores no compatibles permite a atacantes remotos inyectar script web o HTML arbitrario a trav\u00e9s de la parte de anclaje (hash) de una URL."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@liferay.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@liferay.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269",
"source": "security@liferay.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink