CVSS 3.1 Score 5.4 of 10 (medium)


Published Feb 7, 2024
Updated: Feb 15, 2024


CVE-2024-25145 is a stored cross-site scripting (XSS) vulnerability that affects the Portal Search module's Search Result app in Liferay Portal versions 7.2.0 through, as well as older unsupported versions, and Liferay DXP versions 7.4 before update 8, 7.3 before update 4, and 7.2 before fix pack 17, along with older unsupported versions. This vulnerability allows remote authenticated users to inject arbitrary web script or HTML into the search result of the Search Result app if highlighting is disabled by adding searchable content to the application such as a blog or message board message. The vulnerability has a risk score of 25 out of 100 and is categorized as CWE-79 (Improper Neutralization of Input During Web Page Generation).

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-25145 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options