GSA_kwCzR0hTQS1wOXhnLTkzNzgtY3FwN84AAzdB

Moderate EPSS: 0.00142% (0.35484 Percentile) EPSS:

Permalink JSON

Cross-site scripting in Liferay Portal

Affected Packages	Affected Versions	Fixed Versions
maven:com.liferay.portal:release.portal.bom	>= 7.4.3.21, < 7.4.3.63	7.4.3.63
5 Dependent packages 33 Dependent repositories Affected Version Ranges All affected versions All unaffected versions 7.0.6, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.4.0, 7.4.1, 7.4.2

Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's (1) First Name, (2) Middle Name, (3) Last Name, or (4) Job Title text field.

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-33943
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33943
https://github.com/advisories/GHSA-p9xg-9378-cqp7

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories

GSA_kwCzR0hTQS1wOXhnLTkzNzgtY3FwN84AAzdB

Cross-site scripting in Liferay Portal

Affected Version Ranges

All affected versions

All unaffected versions

Identifiers

Risk

Severity

EPSS

Classification

Source

Origin

Date and time

Published

Updated

API