Vulnerability Description
The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Liferay | Digital Experience Platform | 7.2 |
| Liferay | Dxp | 7.3 |
| Liferay | Liferay Portal | >= 7.2.0, < 7.4.3.26 |
Related Weaknesses (CWE)
References
- https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jektVendor Advisory
- https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jektVendor Advisory
FAQ
What is CVE-2024-25144?
CVE-2024-25144 is a vulnerability with a CVSS score of 4.1 (MEDIUM). The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported ver...
How severe is CVE-2024-25144?
CVE-2024-25144 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-25144?
Check the references section above for vendor advisories and patch information. Affected products include: Liferay Digital Experience Platform, Liferay Dxp, Liferay Liferay Portal.