{"vulnerability": "CVE-2024-2626", "sightings": [{"uuid": "5948956a-eef1-4634-86d0-e8e8c333e4ee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26266", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3209", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-26266\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2024-02-21T03:15:09.353\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26266\n2. https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26266", "creation_timestamp": "2025-01-28T03:16:45.000000Z"}, {"uuid": "8b04f531-9220-43a9-8cc9-b5e9475b6b23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26266", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3259", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-26266\n\ud83d\udd25 CVSS Score: 9.7 (CVSS_V3)\n\ud83d\udd39 Description: Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the first/middle/last name text field of the user who creates an entry in the (1) Announcement widget, or (2) Alerts widget.\n\ud83d\udccf Published: 2024-02-21T03:30:38Z\n\ud83d\udccf Modified: 2025-01-28T15:01:06Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-26266\n2. https://github.com/liferay/liferay-portal\n3. https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26266", "creation_timestamp": "2025-01-28T15:09:05.000000Z"}, {"uuid": "9a0ea194-3f2f-4475-af99-52cb52a43575", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26261", "type": "seen", "source": "https://t.me/cvedetector/7798", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-9924 - Hgiga OAKlouds File Disclosure/Deletion Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-9924 \nPublished : Oct. 14, 2024, 4:15 a.m. | 42\u00a0minutes ago \nDescription : The fix for CVE-2024-26261 was incomplete, and and the specific package for OAKlouds from Hgiga remains at risk. Unauthenticated remote attackers still can download arbitrary system files, which may be deleted subsequently . \nSeverity: 9.8 | CRITICAL \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"14 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-14T07:28:07.000000Z"}, {"uuid": "6f720195-7c11-44c2-9344-24e21d098f97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26269", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/12900", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-26269\n\ud83d\udd25 CVSS Score: 9.6 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via the anchor (hash) part of a URL.\n\ud83d\udccf Published: 2024-02-21T02:39:41.806Z\n\ud83d\udccf Modified: 2025-04-22T16:25:42.981Z\n\ud83d\udd17 References:\n1. https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269", "creation_timestamp": "2025-04-22T17:03:21.000000Z"}, {"uuid": "c848100b-c6d0-4155-97a1-46c7cb56b2af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26269", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/3210", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-26269\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: No description available\n\ud83d\udccf Published: 2024-02-21T03:15:09.527\n\ud83d\udccf Modified: N/A\n\ud83d\udd17 References:\n1. https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269\n2. https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269", "creation_timestamp": "2025-01-28T03:16:46.000000Z"}, {"uuid": "def7b1e0-fda3-408d-b504-6b431d7666ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26269", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3258", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-26269\n\ud83d\udd25 CVSS Score: 10 (CVSS_V3)\n\ud83d\udd39 Description: Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via the anchor (hash) part of a URL.\n\ud83d\udccf Published: 2024-02-21T03:30:38Z\n\ud83d\udccf Modified: 2025-01-28T15:04:09Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-26269\n2. https://github.com/liferay/liferay-portal\n3. https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269", "creation_timestamp": "2025-01-28T15:09:04.000000Z"}, {"uuid": "54eba91f-bdb2-4ea1-abc6-e273c939d132", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26266", "type": "seen", "source": "https://t.me/arpsyndicate/3926", "content": "#ExploitObserverAlert\n\nCVE-2024-26266\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26266. Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the first/middle/last name text field of the user who creates an entry in the (1) Announcement widget, or (2) Alerts widget.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-02-22T04:20:55.000000Z"}, {"uuid": "517167a7-1fac-4c14-b363-ebb8556bc107", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-2626", "type": "seen", "source": "https://t.me/arpsyndicate/4430", "content": "#ExploitObserverAlert\n\nCVE-2024-2626\n\nDESCRIPTION: Exploit Observer has 22 entries in 5 file formats related to CVE-2024-2626. Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)\n\nFIRST-EPSS: 0.000000000\nNVD-IS: 3.6\nNVD-ES: 2.8", "creation_timestamp": "2024-04-09T21:40:43.000000Z"}, {"uuid": "75fe1905-ff3c-490f-aa6f-1eb59105a13e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26267", "type": "seen", "source": "https://t.me/ctinow/188515", "content": "https://ift.tt/PGWkfaV\nCVE-2024-26267", "creation_timestamp": "2024-02-20T14:22:01.000000Z"}, {"uuid": "a1c1f0a7-99c8-400e-b9d9-13511fb5d828", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26267", "type": "seen", "source": "https://t.me/arpsyndicate/3852", "content": "#ExploitObserverAlert\n\nCVE-2024-26267\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26267. In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property `http.header.version.verbosity` is set to `full`, which allows remote attackers to easily identify the version of the application that is running and the vulnerabilities that affect that version via 'Liferay-Portal` response header.", "creation_timestamp": "2024-02-21T15:38:16.000000Z"}, {"uuid": "1557aee9-1449-4caa-96e4-8ac2ba675e5d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26269", "type": "seen", "source": "https://t.me/arpsyndicate/3909", "content": "#ExploitObserverAlert\n\nCVE-2024-26269\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26269. Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via the anchor (hash) part of a URL.\n\nFIRST-EPSS: 0.000430000", "creation_timestamp": "2024-02-22T04:00:18.000000Z"}, {"uuid": "51b21d9d-b153-4cc6-a7b2-629ee53a89bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26268", "type": "seen", "source": "https://t.me/arpsyndicate/3791", "content": "#ExploitObserverAlert\n\nCVE-2024-26268\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26268. User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time.", "creation_timestamp": "2024-02-21T14:03:34.000000Z"}, {"uuid": "34b6e17e-4c2a-427a-94a8-fbc4f74e78bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26265", "type": "seen", "source": "https://t.me/arpsyndicate/3790", "content": "#ExploitObserverAlert\n\nCVE-2024-26265\n\nDESCRIPTION: Exploit Observer has 1 entries in 1 file formats related to CVE-2024-26265. The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions relies on a request parameter to limit the size of files that can be uploaded, which allows remote authenticated users to upload arbitrarily large files to the system's temp folder by modifying the `maxFileSize` parameter.", "creation_timestamp": "2024-02-21T14:02:04.000000Z"}, {"uuid": "37babb78-6797-4f18-bd24-4268c916d789", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26265", "type": "seen", "source": "https://t.me/ctinow/188514", "content": "https://ift.tt/sxDLHCP\nCVE-2024-26265", "creation_timestamp": "2024-02-20T14:22:00.000000Z"}, {"uuid": "a3488623-ff1b-4f73-ac8b-ad49e4bf8ed7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26264", "type": "seen", "source": "https://t.me/ctinow/185219", "content": "https://ift.tt/8PvnedU\nCVE-2024-26264", "creation_timestamp": "2024-02-15T04:26:28.000000Z"}, {"uuid": "d745df5e-04da-43ff-a054-e13fcc21c581", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26269", "type": "seen", "source": "https://t.me/ctinow/189175", "content": "https://ift.tt/WU3ntVM\nCVE-2024-26269", "creation_timestamp": "2024-02-21T04:21:48.000000Z"}, {"uuid": "89c0b584-9196-40b1-a634-4f1dcba34e92", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26266", "type": "seen", "source": "https://t.me/ctinow/189174", "content": "https://ift.tt/sKn6EHO\nCVE-2024-26266", "creation_timestamp": "2024-02-21T04:21:47.000000Z"}, {"uuid": "34c7258b-8f15-4705-910c-c0022e84b6a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26269", "type": "seen", "source": "https://t.me/ctinow/189183", "content": "https://ift.tt/WU3ntVM\nCVE-2024-26269", "creation_timestamp": "2024-02-21T04:26:19.000000Z"}, {"uuid": "dfa48f6c-d130-4645-8763-e605d7d8d1ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26266", "type": "seen", "source": "https://t.me/ctinow/189182", "content": "https://ift.tt/sKn6EHO\nCVE-2024-26266", "creation_timestamp": "2024-02-21T04:26:18.000000Z"}, {"uuid": "01fcf1ef-b5d8-4e6d-9361-ca5b6a3588c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26267", "type": "seen", "source": "https://t.me/ctinow/188525", "content": "https://ift.tt/PGWkfaV\nCVE-2024-26267", "creation_timestamp": "2024-02-20T14:26:23.000000Z"}, {"uuid": "618bde62-f3d4-40be-aaef-217354322ba0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26265", "type": "seen", "source": "https://t.me/ctinow/188524", "content": "https://ift.tt/sxDLHCP\nCVE-2024-26265", "creation_timestamp": "2024-02-20T14:26:22.000000Z"}, {"uuid": "f02d4b32-73cb-49df-8d87-76eb7454e281", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26263", "type": "seen", "source": "https://t.me/ctinow/185218", "content": "https://ift.tt/pktnfjC\nCVE-2024-26263", "creation_timestamp": "2024-02-15T04:26:27.000000Z"}, {"uuid": "75c39a52-14fd-40a4-ab17-1df23d74d50b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26262", "type": "seen", "source": "https://t.me/ctinow/185217", "content": "https://ift.tt/uyomBkV\nCVE-2024-26262", "creation_timestamp": "2024-02-15T04:26:26.000000Z"}, {"uuid": "8d21f3ac-cdbe-4a07-a47f-6913b5c0c62a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26261", "type": "seen", "source": "https://t.me/ctinow/185216", "content": "https://ift.tt/pInbwrP\nCVE-2024-26261", "creation_timestamp": "2024-02-15T04:26:25.000000Z"}, {"uuid": "4ab75c3f-a420-4539-827d-4f4934c2a676", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-26260", "type": "seen", "source": "https://t.me/ctinow/185215", "content": "https://ift.tt/bBfk35Y\nCVE-2024-26260", "creation_timestamp": "2024-02-15T04:26:24.000000Z"}]}