CVE-2024-25606 | Liferay Portal/DXP Java2WsddTask._format xml external entity reference

Posted by Angelo Barbosa | Feb 20, 2024 | CVE

A vulnerability, which was classified as problematic, was found in Liferay Portal and DXP. Affected is the function Java2WsddTask._format. The manipulation leads to xml external entity reference.

This vulnerability is traded as CVE-2024-25606. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2024-25606 | Liferay Portal/DXP Java2WsddTask._format xml external entity reference

Related Posts

CVE-2024-34603 | Samsung Devices up to SMR Feb-2021 Release 1 Message access control

CVE-2024-8746 | File Manager Pro Plugin up to 8.3.9 on WordPress Shortcode mk_file_folder_manager_shortcode unrestricted upload

CVE-2024-49274 | Infomaniak Staff VOD Infomaniak Plugin up to 1.5.7 on WordPress cross-site request forgery

CVE-2024-10080 | chertz WP Easy Post Types Plugin up to 1.4.4 on WordPress cross site scripting