Liferay DXP Other Vulnerability - CVE-2024-26270 - Vulnerability Database

Liferay DXP Other Vulnerability - CVE-2024-26270

Medium
Reference: CVE-2024-26270
Title: Liferay DXP Other Vulnerability
Overview:

The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99 and Liferay DXP 2023.Q3 before patch 5 and 7.4 update 76 through 92 embeds the users hashed password in the pages HTML source which allows man-in-the-middle attackers to steal a user39s hashed password.