CVE-2024-11993

Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field

Published: Dec 17, 2024
Updated: May 4, 2025
CVE: CVE-2024-11993
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
liferay / liferay_portal	7.1.0	7.4.3.39
liferay / digital_experience_platform	7.4-update34	7.4-update34.x
liferay / digital_experience_platform	7.4-update1	7.4-update1.x
liferay / digital_experience_platform	7.4	7.4.x
liferay / digital_experience_platform	7.4-update36	7.4-update36.x
liferay / digital_experience_platform	7.4-update21	7.4-update21.x
liferay / digital_experience_platform	7.4-update2	7.4-update2.x
liferay / digital_experience_platform	7.4-update3	7.4-update3.x
liferay / digital_experience_platform	7.4-update4	7.4-update4.x
liferay / digital_experience_platform	7.4-update5	7.4-update5.x
liferay / digital_experience_platform	7.4-update6	7.4-update6.x
liferay / digital_experience_platform	7.4-update7	7.4-update7.x
liferay / digital_experience_platform	7.4-update8	7.4-update8.x
liferay / digital_experience_platform	7.4-update9	7.4-update9.x
liferay / digital_experience_platform	7.4-update10	7.4-update10.x
liferay / digital_experience_platform	7.4-update11	7.4-update11.x
liferay / digital_experience_platform	7.4-update12	7.4-update12.x
liferay / digital_experience_platform	7.4-update13	7.4-update13.x
liferay / digital_experience_platform	7.4-update14	7.4-update14.x
liferay / digital_experience_platform	7.1	7.4
liferay / digital_experience_platform	7.4-update15	7.4-update15.x
liferay / digital_experience_platform	7.4-update16	7.4-update16.x
liferay / digital_experience_platform	7.4-update17	7.4-update17.x
liferay / digital_experience_platform	7.4-update18	7.4-update18.x
liferay / digital_experience_platform	7.4-update19	7.4-update19.x
liferay / digital_experience_platform	7.4-update20	7.4-update20.x
liferay / digital_experience_platform	7.4-update22	7.4-update22.x
liferay / digital_experience_platform	7.4-update23	7.4-update23.x
liferay / digital_experience_platform	7.4-update24	7.4-update24.x
liferay / digital_experience_platform	7.4-update25	7.4-update25.x
liferay / digital_experience_platform	7.4-update26	7.4-update26.x
liferay / digital_experience_platform	7.4-update27	7.4-update27.x
liferay / digital_experience_platform	7.4-update28	7.4-update28.x
liferay / digital_experience_platform	7.4-update29	7.4-update29.x
liferay / digital_experience_platform	7.4-update30	7.4-update30.x
liferay / digital_experience_platform	7.4-update31	7.4-update31.x
liferay / digital_experience_platform	7.4-update32	7.4-update32.x
liferay / digital_experience_platform	7.4-update33	7.4-update33.x
liferay / digital_experience_platform	7.4-update35	7.4-update35.x
liferay / digital_experience_platform	7.4-update37	7.4-update37.x
liferay / digital_experience_platform	7.4-update38	7.4-update38.x

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-11993

Vulnerability Database

289,784

CVE-2024-11993