Lucene search

GoogleOSV:CVE-2023-42497

HistoryOct 17, 2023 - 8:15 a.m.

CVE-2023-42497

2023-10-1708:15:09

Google

osv.dev

liferay portal

cross-site scripting

vulnerability

remote attackers

web script

html

translation page

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.2%

JSON

Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect parameter.

References

liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.2%

JSON

Related for OSV:CVE-2023-42497