Lucene search
HistoryOct 17, 2023 - 12:15 p.m.
CVE-2023-42628
cve-2023-42628
stored xss
liferay portal
liferay dxp
remote attackers
web vulnerability
9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
20.4%
Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 through 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and earlier, 7.2 fix pack 20 and earlier, 7.3 update 33 and earlier, and 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML into a parent wiki page via a crafted payload injected into a wiki pageβs βContentβ text field.
Affected configurations
Node
liferaydigital_experience_platformMatch7.0-
ORliferaydigital_experience_platformMatch7.0fix_pack_1
ORliferaydigital_experience_platformMatch7.0fix_pack_10
ORliferaydigital_experience_platformMatch7.0fix_pack_11
ORliferaydigital_experience_platformMatch7.0fix_pack_12
ORliferaydigital_experience_platformMatch7.0fix_pack_13
ORliferaydigital_experience_platformMatch7.0fix_pack_14
ORliferaydigital_experience_platformMatch7.0fix_pack_15
ORliferaydigital_experience_platformMatch7.0fix_pack_16
ORliferaydigital_experience_platformMatch7.0fix_pack_17
ORliferaydigital_experience_platformMatch7.0fix_pack_18
ORliferaydigital_experience_platformMatch7.0fix_pack_19
ORliferaydigital_experience_platformMatch7.0fix_pack_2
ORliferaydigital_experience_platformMatch7.0fix_pack_20
ORliferaydigital_experience_platformMatch7.0fix_pack_21
ORliferaydigital_experience_platformMatch7.0fix_pack_22
ORliferaydigital_experience_platformMatch7.0fix_pack_23
ORliferaydigital_experience_platformMatch7.0fix_pack_24
ORliferaydigital_experience_platformMatch7.0fix_pack_25
ORliferaydigital_experience_platformMatch7.0fix_pack_26
ORliferaydigital_experience_platformMatch7.0fix_pack_27
ORliferaydigital_experience_platformMatch7.0fix_pack_28
ORliferaydigital_experience_platformMatch7.0fix_pack_29
ORliferaydigital_experience_platformMatch7.0fix_pack_3
ORliferaydigital_experience_platformMatch7.0fix_pack_30
ORliferaydigital_experience_platformMatch7.0fix_pack_31
ORliferaydigital_experience_platformMatch7.0fix_pack_32
ORliferaydigital_experience_platformMatch7.0fix_pack_33
ORliferaydigital_experience_platformMatch7.0fix_pack_34
ORliferaydigital_experience_platformMatch7.0fix_pack_35
ORliferaydigital_experience_platformMatch7.0fix_pack_36
ORliferaydigital_experience_platformMatch7.0fix_pack_37
ORliferaydigital_experience_platformMatch7.0fix_pack_38
ORliferaydigital_experience_platformMatch7.0fix_pack_39
ORliferaydigital_experience_platformMatch7.0fix_pack_4
ORliferaydigital_experience_platformMatch7.0fix_pack_40
ORliferaydigital_experience_platformMatch7.0fix_pack_41
ORliferaydigital_experience_platformMatch7.0fix_pack_42
ORliferaydigital_experience_platformMatch7.0fix_pack_43
ORliferaydigital_experience_platformMatch7.0fix_pack_44
ORliferaydigital_experience_platformMatch7.0fix_pack_45
ORliferaydigital_experience_platformMatch7.0fix_pack_46
ORliferaydigital_experience_platformMatch7.0fix_pack_47
ORliferaydigital_experience_platformMatch7.0fix_pack_48
ORliferaydigital_experience_platformMatch7.0fix_pack_49
ORliferaydigital_experience_platformMatch7.0fix_pack_5
ORliferaydigital_experience_platformMatch7.0fix_pack_50
ORliferaydigital_experience_platformMatch7.0fix_pack_51
ORliferaydigital_experience_platformMatch7.0fix_pack_52
ORliferaydigital_experience_platformMatch7.0fix_pack_53
ORliferaydigital_experience_platformMatch7.0fix_pack_54
ORliferaydigital_experience_platformMatch7.0fix_pack_55
ORliferaydigital_experience_platformMatch7.0fix_pack_56
ORliferaydigital_experience_platformMatch7.0fix_pack_57
ORliferaydigital_experience_platformMatch7.0fix_pack_58
ORliferaydigital_experience_platformMatch7.0fix_pack_59
ORliferaydigital_experience_platformMatch7.0fix_pack_6
ORliferaydigital_experience_platformMatch7.0fix_pack_60
ORliferaydigital_experience_platformMatch7.0fix_pack_61
ORliferaydigital_experience_platformMatch7.0fix_pack_62
ORliferaydigital_experience_platformMatch7.0fix_pack_63
ORliferaydigital_experience_platformMatch7.0fix_pack_64
ORliferaydigital_experience_platformMatch7.0fix_pack_65
ORliferaydigital_experience_platformMatch7.0fix_pack_66
ORliferaydigital_experience_platformMatch7.0fix_pack_67
ORliferaydigital_experience_platformMatch7.0fix_pack_68
ORliferaydigital_experience_platformMatch7.0fix_pack_69
ORliferaydigital_experience_platformMatch7.0fix_pack_7
ORliferaydigital_experience_platformMatch7.0fix_pack_70
ORliferaydigital_experience_platformMatch7.0fix_pack_71
ORliferaydigital_experience_platformMatch7.0fix_pack_72
ORliferaydigital_experience_platformMatch7.0fix_pack_73
ORliferaydigital_experience_platformMatch7.0fix_pack_74
ORliferaydigital_experience_platformMatch7.0fix_pack_75
ORliferaydigital_experience_platformMatch7.0fix_pack_76
ORliferaydigital_experience_platformMatch7.0fix_pack_77
ORliferaydigital_experience_platformMatch7.0fix_pack_78
ORliferaydigital_experience_platformMatch7.0fix_pack_79
ORliferaydigital_experience_platformMatch7.0fix_pack_8
ORliferaydigital_experience_platformMatch7.0fix_pack_80
ORliferaydigital_experience_platformMatch7.0fix_pack_81
ORliferaydigital_experience_platformMatch7.0fix_pack_82
ORliferaydigital_experience_platformMatch7.1-
ORliferaydigital_experience_platformMatch7.2-
ORliferaydigital_experience_platformMatch7.3-
ORliferaydigital_experience_platformMatch7.4-
ORliferaydigital_experience_platformMatch7.4update1
ORliferaydigital_experience_platformMatch7.4update21
ORliferaydigital_experience_platformMatch7.4update34
ORliferaydigital_experience_platformMatch7.4update36
ORliferaydigital_experience_platformMatch7.4update41
ORliferaydigital_experience_platformMatch7.4update48
ORliferaydigital_experience_platformMatch7.4update50
ORliferaydigital_experience_platformMatch7.4update52
ORliferaydigital_experience_platformMatch7.4update62
ORliferaydigital_experience_platformMatch7.4update67
ORliferaydigital_experience_platformMatch7.4update76
ORliferaydigital_experience_platformMatch7.4update81
ORliferaydigital_experience_platformMatch7.4update82
ORliferaydigital_experience_platformMatch7.4update83
ORliferaydigital_experience_platformMatch7.4update84
ORliferaydigital_experience_platformMatch7.4update85
ORliferaydigital_experience_platformMatch7.4update86
Node
liferayliferay_portalRange7.1.0β7.4.3.88
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "DXP",
"vendor": "Liferay",
"versions": [
{
"lessThanOrEqual": "7.0.10-*",
"status": "affected",
"version": "7.0.10-de-83",
"versionType": "maven"
},
{
"lessThanOrEqual": "7.1.10-*",
"status": "affected",
"version": "7.1.10",
"versionType": "maven"
},
{
"lessThanOrEqual": "7.2.10-*",
"status": "affected",
"version": "7.2.10",
"versionType": "maven"
},
{
"lessThanOrEqual": "7.3.10-*",
"status": "affected",
"version": "7.3.10",
"versionType": "maven"
},
{
"lessThanOrEqual": "7.4.13.u87",
"status": "affected",
"version": "7.4.13",
"versionType": "maven"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Portal",
"vendor": "Liferay",
"versions": [
{
"lessThanOrEqual": "7.4.3.87",
"status": "affected",
"version": "7.1.0",
"versionType": "maven"
}
]
}
]Related
osv
osv
BIT-liferay-2023-42628
2024-01-31 15:16:42
CVE-2023-42628
2023-10-17 12:15:10
BIT-2023-42628
2023-10-25 06:20:44
nvd
nvd
CVE-2023-42628
2023-10-17 12:15:10
prion
prion
Cross site scripting
2023-10-17 12:15:00
cvelist
cvelist
CVE-2023-42628
2023-10-17 11:52:45
9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
20.4%
Related for CVE-2023-42628