CVE-2024-11993

📊 4.6 MEDIUM⚡ 0.1%🎯 0 exploits

📅 Published Dec 17, 2024

📋 Status: Modified

Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field

CVSS v3.1 • NVD

🎯 Affected Products & Systems

41 product configurations affected

Filter by type:

Type	Vendor	Product	Version Range	Status	CPE String
📱App	liferay	liferay portal	≥ 7.1.0 ∧ < 7.4.3.39	Vulnerable	cpe:2.3:a:liferay:liferay_portal::::::::
📱App	liferay	digital experience platform	≥ 7.1 ∧ < 7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform::::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:-::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update1::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update10::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update11::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update12::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update13::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update14::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update15::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update16::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update17::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update18::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update19::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update2::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update20::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update21::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update22::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update23::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update24::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update25::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update26::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update27::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update28::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update29::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update3::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update30::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update31::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update32::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update33::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update34::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update35::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update36::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update37::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update38::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update4::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update5::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update6::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update7::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update8::::::
📱App	liferay	digital experience platform	7.4	Vulnerable	cpe:2.3:a:liferay:digital_experience_platform:7.4:update9::::::

📱

liferay / liferay portal

Application

Vulnerable

Version: ≥ 7.1.0 ∧ < 7.4.3.39

CPE:

cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: ≥ 7.1 ∧ < 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update10:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update11:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update12:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update13:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update14:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update15:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update16:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update17:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update18:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update19:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update2:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update20:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update22:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update23:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update24:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update25:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update26:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update27:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update28:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update29:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update3:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update30:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update31:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update32:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update33:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update35:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update37:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update38:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update4:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update5:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update6:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update7:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update8:*:*:*:*:*:*

📱

liferay / digital experience platform

Application

Vulnerable

Version: 7.4

CPE:

cpe:2.3:a:liferay:digital_experience_platform:7.4:update9:*:*:*:*:*:*

41 products•scroll for more

Metrics

4.6 MEDIUMCVSS v4.0[email protected]

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

🔍 Technical Details

Analysis Status

Modified

CVSS Details

4.6 (MEDIUM)v4.0

Source: [email protected]

EPSS Details

0.1% (Minimal)22.7th percentile

Last updated: Oct 31, 2025

Exploitation probability within 30 days

Published Date

Dec 17, 2024 (10 months ago)

Last Modified

Mar 28, 2025 (7 months ago)

Security Weaknesses1

CWE-79

References2

NVDadvisory