Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13dmh3LTVtODktNjRnds4AAzdD

Cross-site scripting in Liferay Portal

Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object's Name field.

Permalink: https://github.com/advisories/GHSA-wvhw-5m89-64gv
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13dmh3LTVtODktNjRnds4AAzdD
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 10 months ago
Updated: 5 months ago


CVSS Score: 4.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Identifiers: GHSA-wvhw-5m89-64gv, CVE-2023-33938
References:

Affected Packages

maven:com.liferay.portal:release.portal.bom
Dependent packages: 5
Dependent repositories: 33
Downloads:
Affected Version Ranges: >= 7.3.0, < 7.4.1
Fixed in: 7.4.1
All affected versions: 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.4.0
All unaffected versions: 7.0.6, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.2.1, 7.4.1, 7.4.2