CVE-2024-25148

HIGH Year: 2024
CVSS v3 Score
8.1
High
Weakness Type
CWE-201
View all →

Vulnerability Description

In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content.

Related Vulnerabilities

CVE-2025-3529

HIGH
CVSS:8.2(High)

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.2 via the 'file_url' parameter. This makes it possible...

CWE-2012025

CVE-2021-23019

HIGH
CVSS:7.8(High)

The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.

CWE-2012021

CVE-2023-3399

HIGH
CVSS:7.7(High)

An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was ...

CWE-2012023

CVE-2023-1975

HIGH
CVSS:7.6(High)

Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8.

CWE-2012023

CVE-2024-7872

HIGH
CVSS:7.6(High)

Insertion of Sensitive Information Into Sent Data vulnerability in ExtremePACS Extreme XDS allows Retrieve Embedded Sensitive Data.This issue affects Extreme XDS: before 3933.

CWE-2012024

CVE-2016-10518

HIGH
CVSS:7.5(High)

A vulnerability was found in the ping functionality of the ws module before 1.0.0 which allowed clients to allocate memory by sending a ping frame. The ping functionality by default responds with a po...

CWE-2012016