Lucene search

GoogleOSV:BIT-LIFERAY-2023-42497

HistoryJan 31, 2024 - 3:17 p.m.

BIT-liferay-2023-42497

2024-01-3115:17:02

Google

osv.dev

vulnerability

reflected xss

liferay portal 7.4

liferay dxp

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.2%

JSON

Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect parameter.

CPENameOperatorVersion
liferayle7.4.0
liferayge7.4-update1.0
liferayge7.4-update62.0
liferayle7.4-update50.0
liferayle7.4-update76.0
liferayle7.4-update81.0
liferayge7.4-update82.0
liferayle7.4-update36.0
liferayle7.4-update52.0
liferayge7.4.0

Name	Operator	Version
liferay	le	7.4.0
liferay	ge	7.4-update1.0
liferay	ge	7.4-update62.0
liferay	le	7.4-update50.0
liferay	le	7.4-update76.0
liferay	le	7.4-update81.0
liferay	ge	7.4-update82.0
liferay	le	7.4-update36.0
liferay	le	7.4-update52.0
liferay	ge	7.4.0

Rows per page:

1-10 of 341

References

liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.2%

JSON

Related for OSV:BIT-LIFERAY-2023-42497