Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Liferay DXP Other Vulnerability - CVE-2024-26270 - Vulnerability Database
Liferay DXP

Liferay DXP Other Vulnerability - CVE-2024-26270

Medium
Reference: CVE-2024-26270
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-26270
Title: Liferay DXP Other Vulnerability
Overview:

The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99 and Liferay DXP 2023.Q3 before patch 5 and 7.4 update 76 through 92 embeds the users hashed password in the pages HTML source which allows man-in-the-middle attackers to steal a user39s hashed password.