{"vulnerability": "CVE-2024-2514", "sightings": [{"uuid": "707c672d-53cd-4b39-89c9-e3e4169a22cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25147", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12899", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-25147\n\ud83d\udd25 CVSS Score: 9.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via crafted javascript: style links.\n\ud83d\udccf Published: 2024-02-21T01:16:21.256Z\n\ud83d\udccf Modified: 2025-04-22T16:25:59.509Z\n\ud83d\udd17 References:\n1. https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25147", "creation_timestamp": "2025-04-22T17:03:17.000000Z"}, {"uuid": "73d024f8-f0e8-49f2-bd29-35a40b6a8a6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25147", "type": "seen", "source": "https://t.me/arpsyndicate/3916", "content": "#ExploitObserverAlert\n\nCVE-2024-25147\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25147. Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via crafted javascript: style links.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-02-22T04:08:03.000000Z"}, {"uuid": "4f5521cb-84f3-4edb-8071-369abfc9744d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-2514", "type": "seen", "source": "https://t.me/ctinow/209253", "content": "https://ift.tt/4CYF32i\nCVE-2024-2514", "creation_timestamp": "2024-03-16T00:26:53.000000Z"}, {"uuid": "01ded89e-b0a2-467f-955e-a51fbd20effe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-2514", "type": "seen", "source": "https://t.me/ctinow/209249", "content": "https://ift.tt/4CYF32i\nCVE-2024-2514", "creation_timestamp": "2024-03-16T00:21:56.000000Z"}, {"uuid": "86d3d5e4-b335-4641-b727-d7fd9592035c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25148", "type": "seen", "source": "https://t.me/ctinow/198253", "content": "https://ift.tt/94LDuCO\nCVE-2024-25148 | Liferay Portal/DXP WYSIWYG Editor doAsUserId information disclosure", "creation_timestamp": "2024-03-02T07:36:44.000000Z"}, {"uuid": "cdcd9858-4539-49e0-9e9f-e9ef46e8f3b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25140", "type": "seen", "source": "https://t.me/ctinow/197405", "content": "https://ift.tt/CgueVZi\nCVE-2024-25140 | RustDesk 1.2.3/1.3.6.1.5.5/7.3.3 on Windows certificate validation", "creation_timestamp": "2024-03-01T09:11:18.000000Z"}, {"uuid": "3e59304d-889e-40b0-b7be-33bd2162a727", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25145", "type": "seen", "source": "https://t.me/ctinow/197977", "content": "https://ift.tt/7AnSc4V\nCVE-2024-25145 | Liferay Portal/DXP Search Result App cross site scripting", "creation_timestamp": "2024-03-01T20:46:44.000000Z"}, {"uuid": "d42d6c28-740f-468f-bf12-de65f876ebc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25149", "type": "seen", "source": "https://t.me/ctinow/188214", "content": "https://ift.tt/CaKN1My\nCVE-2024-25149", "creation_timestamp": "2024-02-20T08:22:06.000000Z"}, {"uuid": "3b37b06c-fd40-4d0d-ab87-e975e8b14d42", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25145", "type": "seen", "source": "https://t.me/ctinow/180796", "content": "https://ift.tt/jSRGcFC\nCVE-2024-25145", "creation_timestamp": "2024-02-07T16:22:23.000000Z"}, {"uuid": "ea122793-8f41-4386-8538-84f695c7ea56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25143", "type": "seen", "source": "https://t.me/ctinow/180795", "content": "https://ift.tt/BdZSHjt\nCVE-2024-25143", "creation_timestamp": "2024-02-07T16:22:22.000000Z"}, {"uuid": "c921192b-edc1-46b7-8739-b3984e2b14a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25148", "type": "seen", "source": "https://t.me/ctinow/181163", "content": "https://ift.tt/EQbRY06\nCVE-2024-25148", "creation_timestamp": "2024-02-08T05:31:40.000000Z"}, {"uuid": "ff0ecf97-8b90-459a-819b-f56d9ef7d2e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25149", "type": "seen", "source": "https://t.me/arpsyndicate/3728", "content": "#ExploitObserverAlert\n\nCVE-2024-25149\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25149. Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the \"Limit membership to members of the parent site\" option is enabled, which allows remote authenticated users to add users who are not a member of the parent site to a child site. The added user may obtain permission to perform unauthorized actions in the child site.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-02-21T07:28:21.000000Z"}, {"uuid": "837be61c-0e51-4cc2-86fd-8da780b05fe3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25141", "type": "seen", "source": "https://t.me/arpsyndicate/3784", "content": "#ExploitObserverAlert\n\nCVE-2024-25141\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-25141. When ssl\u00a0was enabled for Mongo Hook, default settings included \"allow_insecure\" which caused that certificates were not validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue.", "creation_timestamp": "2024-02-21T13:53:31.000000Z"}, {"uuid": "ccb9113a-3779-4aa9-965b-324c2cbe3220", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-2514", "type": "seen", "source": "https://t.me/ctinow/209118", "content": "https://ift.tt/7P5u3Ih\nCVE-2024-2514 | MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 /login.php email sql injection", "creation_timestamp": "2024-03-15T21:01:14.000000Z"}, {"uuid": "4fef9efb-6643-48ea-9abf-63d0b992e0d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25146", "type": "seen", "source": "https://t.me/ctinow/181162", "content": "https://ift.tt/2ChAvIk\nCVE-2024-25146", "creation_timestamp": "2024-02-08T05:31:39.000000Z"}, {"uuid": "8cb50780-ba3d-4200-aac1-927c2b3db3bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25144", "type": "seen", "source": "https://t.me/ctinow/181161", "content": "https://ift.tt/VMTjOSG\nCVE-2024-25144", "creation_timestamp": "2024-02-08T05:31:38.000000Z"}, {"uuid": "a531d942-023d-4302-9436-b3e249e971e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25144", "type": "seen", "source": "https://t.me/ctinow/198259", "content": "https://ift.tt/zjl0hI7\nCVE-2024-25144 | Liferay Portal/DXP IFrame Widget iteration", "creation_timestamp": "2024-03-02T08:07:09.000000Z"}, {"uuid": "b931d993-e68e-4db6-8d81-631db3c26780", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25141", "type": "seen", "source": "https://t.me/ctinow/188966", "content": "https://ift.tt/YCJH08y\nCVE-2024-25141", "creation_timestamp": "2024-02-20T22:31:57.000000Z"}, {"uuid": "5da48352-cd3e-4d0d-8458-863e3058065f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25149", "type": "seen", "source": "https://t.me/ctinow/188211", "content": "https://ift.tt/CaKN1My\nCVE-2024-25149", "creation_timestamp": "2024-02-20T08:22:01.000000Z"}, {"uuid": "07f46128-bc97-470c-98d8-28adc80680df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25141", "type": "seen", "source": "https://t.me/ctinow/188958", "content": "https://ift.tt/YCJH08y\nCVE-2024-25141", "creation_timestamp": "2024-02-20T22:27:06.000000Z"}, {"uuid": "cca323e8-f0d4-480e-a85e-18695066fa94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25147", "type": "seen", "source": "https://t.me/ctinow/189149", "content": "https://ift.tt/1ps3iFx\nCVE-2024-25147", "creation_timestamp": "2024-02-21T03:31:47.000000Z"}, {"uuid": "94a2c5a5-fced-4f72-81d3-21b9d94146d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25147", "type": "seen", "source": "https://t.me/ctinow/189141", "content": "https://ift.tt/1ps3iFx\nCVE-2024-25147", "creation_timestamp": "2024-02-21T03:21:20.000000Z"}, {"uuid": "a666cfba-ba5a-4720-9e80-228e658bd62b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25140", "type": "seen", "source": "https://t.me/ctinow/179879", "content": "https://ift.tt/oqVpkNW\nCVE-2024-25140", "creation_timestamp": "2024-02-06T10:21:56.000000Z"}, {"uuid": "35159c5f-24fa-4de8-956e-84ad463cbdf4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-25140", "type": "seen", "source": "https://t.me/ctinow/184445", "content": "https://ift.tt/8ImOYoc\nCVE-2024-25140 Exploit", "creation_timestamp": "2024-02-14T08:16:51.000000Z"}]}