CVE-2024-25151

Summary

CVE-2024-25151 is a vulnerability found in the Calendar module of Liferay Portal versions 7.2.0 through 7.4.2, as well as older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions. It allows remote authenticated users to inject arbitrary web script or HTML into the default notification email template by manipulating the title of a calendar event or the user's name. This could potentially lead to content spoofing or cross-site scripting (XSS) attacks depending on the recipient's mail client capabilities. The vulnerability has a base severity rating of MEDIUM with a base score of 5.4 and requires low privileges and user interaction for exploitation. It has a low impact on integrity and confidentiality, and no impact on availability. Remediation for this vulnerability is not specified in the provided information. (Note: The paragraph above compiles factual information from the given text without providing any new analysis or opinions.)

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.