{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "7.2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-NA" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_10" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_11" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_12" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_13" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_14" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_15" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_16" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_17" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_18" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_5" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_6" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_7" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_8" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_9" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-service_pack_2" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-service_pack_3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-service_pack_4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-service_pack_5" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.2-service_pack_6" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.3-NA" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.4-NA" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.4-update3" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.4-update4" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.4-update5" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.4-update6" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.4-update7" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "7.4-update8" } ] }, { "events": [ { "introduced": "0" }, { "fixed": "7.4.3.13" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "7.2-fix_pack_1" }, { "introduced": "0" }, { "last_affected": "7.2-service_pack_1" }, { "introduced": "0" }, { "last_affected": "7.3-fix_pack_1" }, { "introduced": "0" }, { "last_affected": "7.3-fix_pack_2" }, { "introduced": "0" }, { "last_affected": "7.3-service_pack_1" }, { "introduced": "0" }, { "last_affected": "7.3-service_pack_3" }, { "introduced": "0" }, { "last_affected": "7.4-update1" }, { "introduced": "0" }, { "last_affected": "7.4-update2" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "ded0e9390637985231e962e4ad4cfa4639eabb26" }, { "introduced": "0" }, { "last_affected": "ded0e9390637985231e962e4ad4cfa4639eabb26" }, { "introduced": "0" }, { "last_affected": "4ffdd7225ef4a5fd922703263a3006a741a4d8d0" }, { "introduced": "0" }, { "last_affected": "0515646c8f638f202d107469cc147172fc7685de" }, { "introduced": "0" }, { "last_affected": "4ffdd7225ef4a5fd922703263a3006a741a4d8d0" }, { "introduced": "0" }, { "last_affected": "77b773677e0fa17b1a869414ad66220245ba96a8" }, { "introduced": "0" }, { "last_affected": "548f3899675d89749f92b7623d25e27d0c4691c7" }, { "introduced": "0" }, { "last_affected": "75354f3482d7c5edb70f4cd72ed8664ce8079842" } ], "repo": "https://github.com/liferay/liferay-portal", "type": "GIT" } ] } ], "details": "In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated users to inject arbitrary web script or HTML (XSS) via a crafted payload injected into a blog entry’s content text field.", "id": "CVE-2024-25610", "modified": "2026-03-13T21:49:00.641092063Z", "published": "2024-02-20T13:15:08.493Z", "references": [ { "type": "ADVISORY", "url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25610" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }