Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2024-26270

The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user’s hashed password in the page’s HTML source, which allows man-in-the-middle attackers to steal a user's hashed password.

  • Published: Feb 20, 2024
  • Updated: May 4, 2025
  • CVE: CVE-2024-26270
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 5.3
  • AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

No CWE or OWASP classifications available.

Software From Fixed in
liferay / liferay_portal 7.4.3.76 7.4.3.100
liferay / digital_experience_platform 7.4-update76 7.4-update76.x
liferay / digital_experience_platform 7.4-update82 7.4-update82.x
liferay / digital_experience_platform 7.4-update83 7.4-update83.x
liferay / digital_experience_platform 7.4-update84 7.4-update84.x
liferay / digital_experience_platform 7.4-update85 7.4-update85.x
liferay / digital_experience_platform 7.4-update81 7.4-update81.x
liferay / digital_experience_platform 2023.q3.0 2023.q3.0.x
liferay / digital_experience_platform 7.4-update77 7.4-update77.x
liferay / digital_experience_platform 7.4-update78 7.4-update78.x
liferay / digital_experience_platform 7.4-update79 7.4-update79.x
liferay / digital_experience_platform 7.4-update80 7.4-update80.x
liferay / digital_experience_platform 7.4-update86 7.4-update86.x
liferay / digital_experience_platform 7.4-update87 7.4-update87.x
liferay / digital_experience_platform 7.4-update88 7.4-update88.x
liferay / digital_experience_platform 7.4-update89 7.4-update89.x
liferay / digital_experience_platform 7.4-update90 7.4-update90.x
liferay / digital_experience_platform 7.4-update91 7.4-update91.x
liferay / digital_experience_platform 7.4-update92 7.4-update92.x
liferay / digital_experience_platform 2023.q3.1 2023.q3.1.x
liferay / digital_experience_platform 2023.q3.2 2023.q3.2.x
liferay / digital_experience_platform 2023.q3.3 2023.q3.3.x
liferay / digital_experience_platform 2023.q3.4 2023.q3.4.x