PT-2024-27845 · Liferay · Liferay Portal+1

Dave Jong · Published 2024-07-12 · Updated 2024-12-30 · CVE-2024-37940

CVSS v3.1: 7.4 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Seraphinite Accelerator (Full, premium) versions n/a through 2.21.13
Liferay Portal and DXP versions 7.0.0 through 7.4.3.87

Description

A Cross-Site Request Forgery (CSRF) vulnerability and a medium severity XSS vulnerability have been identified. The XSS vulnerability allows attackers to inject scripts into the Service Class field, posing a security risk.

Recommendations

For Seraphinite Accelerator (Full, premium) versions n/a through 2.21.13, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
For Liferay Portal and DXP versions 7.0.0 through 7.4.3.87, upgrade to the latest version to stay secure.

CSRF

Weakness Enumeration

Related Identifiers

CVE-2024-37940

Affected Products

Liferay DXP
Liferay Portal