Lucene search

[email protected]CVE-2023-33944

HistoryMay 24, 2023 - 4:15 p.m.

CVE-2023-33944

2023-05-2416:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-33944

xss

vulnerability

liferay portal

web script

html

remote attackers

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

29.6%

JSON

Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment’s URL text field.

Affected configurations

NVD

Node

liferaydigital_experience_platformMatch7.3-

liferaydigital_experience_platformMatch7.3fix_pack_1

liferaydigital_experience_platformMatch7.3fix_pack_2

liferaydigital_experience_platformMatch7.4-

liferaydigital_experience_platformMatch7.4update1

liferaydigital_experience_platformMatch7.4update21

liferaydigital_experience_platformMatch7.4update34

liferaydigital_experience_platformMatch7.4update36

liferaydigital_experience_platformMatch7.4update41

liferaydigital_experience_platformMatch7.4update50

liferaydigital_experience_platformMatch7.4update52

liferaydigital_experience_platformMatch7.4update62

liferayliferay_portalRange7.3.4–7.4.3.68

CPENameOperatorVersion
liferay:digital_experience_platformliferay digital experience platformeq7.3
liferay:digital_experience_platformliferay digital experience platformeq7.4
liferay:liferay_portalliferay liferay portalle7.4.3.68

CPE	Name	Operator	Version
liferay:digital_experience_platform	liferay digital experience platform	eq	7.3
liferay:digital_experience_platform	liferay digital experience platform	eq	7.4
liferay:liferay_portal	liferay liferay portal	le	7.4.3.68

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Portal",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.3.68",
        "status": "affected",
        "version": "7.3.4",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "DXP",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.3.10.u23",
        "status": "affected",
        "version": "7.3.10",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "7.4.13.u68",
        "status": "affected",
        "version": "7.4.13",
        "versionType": "maven"
      }
    ]
  }
]