BIT-liferay-2023-33937

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/liferay/BIT-liferay-2023-33937.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-liferay-2023-33937

Aliases

Published

2024-01-31T15:19:13.806Z

Modified

2024-02-19T10:36:29.170Z

Summary

[none]

Details

Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's name field.

Database specific

{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:-:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_10:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_11:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_12:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_13:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_14:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_15:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_16:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_17:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_1:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_20:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_21:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_22:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_23:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_24:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_25:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_26:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_2:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_3:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_4:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_5:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_6:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_7:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_8:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_9:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_1:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_2:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_3:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_4:*:*:*:*:*:*"
    ]
}

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33937

Affected packages

Bitnami / liferay

Package

Name: liferay
Purl: pkg:bitnami/liferay

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

7.1.0

Last affected

7.1.0

Introduced

7.2.0

Last affected

7.2.0

Type: SEMVER
Events: Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.1-fix.0

Last affected

7.1-fix.0

Introduced

7.2-fix.0

Last affected

7.2-fix.0

Introduced

7.2-fix.0

Last affected

7.2-fix.0

Introduced

7.2-fix.0

Last affected

7.2-fix.0

Introduced

7.2-fix.0

Last affected

7.2-fix.0