Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wZndjLTRmcmYtNGdmOM4AAzdV
Cross-site scripting in Liferay Portal
Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's URL
text field.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wZndjLTRmcmYtNGdmOM4AAzdV
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 11 months ago
Updated: 5 months ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-pfwc-4frf-4gf8, CVE-2023-33944
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-33944
- https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33944
- https://github.com/advisories/GHSA-pfwc-4frf-4gf8
Affected Packages
maven:com.liferay.portal:release.portal.bom
Dependent packages: 5Dependent repositories: 33
Downloads:
Affected Version Ranges: >= 7.3.4, < 7.4.3.69
Fixed in: 7.4.3.69
All affected versions: 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.4.0, 7.4.1, 7.4.2
All unaffected versions: 7.0.6, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.3.2, 7.3.3