Cross site scripting

2023-05-2415:15:00

PRIOn knowledge base

www.prio-n.com

cross-site scripting

web content display

liferay portal

remote attackers

arbitrary web script

html

crafted payload

0.001 Low

EPSS

Percentile

22.8%

JSON

Cross-site scripting (XSS) vulnerability in the Web Content Display widget’s article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article’s Title field.

CPENameOperatorVersion
digital_experience_platformeq7.4 update50
liferay_portaleq7.4.3.50

CPE	Name	Operator	Version
	digital_experience_platform	eq	7.4 update50
	liferay_portal	eq	7.4.3.50

References

liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33942

0.001 Low

EPSS

Percentile

22.8%

JSON

Related for PRION:CVE-2023-33942