BIT-liferay-2023-42497

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/liferay/BIT-liferay-2023-42497.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-liferay-2023-42497

Aliases

CVE-2023-42497

Published

2024-01-31T15:17:02.904Z

Modified

2024-02-19T10:36:29.170Z

Summary

[none]

Details

Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect parameter.

Database specific

{
    "cpes": [
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497

Affected packages

Bitnami / liferay

Package

Name: liferay
Purl: pkg:bitnami/liferay

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

7.4.0

Last affected

7.4.0

Type: SEMVER
Events: Introduced

7.4-update1.0

Last affected

7.4-update1.0

Introduced

7.4-update21.0

Last affected

7.4-update21.0

Introduced

7.4-update34.0

Last affected

7.4-update34.0

Introduced

7.4-update36.0

Last affected

7.4-update36.0

Introduced

7.4-update41.0

Last affected

7.4-update41.0

Introduced

7.4-update48.0

Last affected

7.4-update48.0

Introduced

7.4-update50.0

Last affected

7.4-update50.0

Introduced

7.4-update52.0

Last affected

7.4-update52.0

Introduced

7.4-update62.0

Last affected

7.4-update62.0

Introduced

7.4-update67.0

Last affected

7.4-update67.0

Introduced

7.4-update76.0

Last affected

7.4-update76.0

Introduced

7.4-update81.0

Last affected

7.4-update81.0

Introduced

7.4-update82.0

Last affected

7.4-update82.0

Introduced

7.4-update83.0

Last affected

7.4-update83.0

Introduced

7.4-update84.0

Last affected

7.4-update84.0

Introduced

7.4-update85.0

Last affected

7.4-update85.0