GHSA-v2xq-m22w-jmpr · Severity: critical · Ecosystem: maven — Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting
Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into an organization’s “Name” text field.
Conclusion & alert: CVE-2024-25602 is rated Moderate Risk (51.7/100): CVSS Critical severity, with low exploitation likelihood (EPSS 0.61%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.46% | 0.61% | +0.16% |
| 2 | 2026-05-22 | 0.15% | 0.46% | +0.31% |
| 3 | 2025-11-21 | — | 0.15% | — |
Full EPSS history (11 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 9.0 | 3.1 | CRITICAL | | 2.3 | 6.0 | [email protected] |
| 5.4 | 3.1 | MEDIUM | | 2.3 | 2.7 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| liferay | liferay_portal | < 7.4.3.4 | cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* |
| liferay | digital_experience_platform | < 7.2 | cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_1:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_10:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_11:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_12:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_13:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_14:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_15:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_16:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_2:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_3:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_4:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_5:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_6:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_7:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_8:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_9:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_1:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_2:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_3:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_4:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.2 | cpe:2.3:a:liferay:digital_experience_platform:7.2:service_pack_5:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.3 | cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.3 | cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_1:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.3 | cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_2:*:*:*:*:*:* |
| liferay | digital_experience_platform | 7.3 | cpe:2.3:a:liferay:digital_experience_platform:7.3:service_pack_1:*:*:*:*:*:* |