An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13Mjc1LW04Y3ItaGYyds4AA5J4

Liferay Portal denial-of-service vulnerability

The IFrame widget in Liferay Portal 7.2.0 through, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self-referencing IFrame.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 22 days ago
Updated: 10 days ago

CVSS Score: 4.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L

Identifiers: GHSA-w275-m8cr-hf2v, CVE-2024-25144

Affected Packages
Versions: >= 7.4.0, < 7.4.13.u27, >= 7.3.0, < 7.3.10.u6, >= 7.2.0, < 7.2.10.fp19
Fixed in: 7.4.13.u27, 7.3.10.u6, 7.2.10.fp19
Versions: >= 7.2.0, <
Fixed in: