BIT-liferay-2023-42629

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/liferay/BIT-liferay-2023-42629.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-liferay-2023-42629

Aliases

CVE-2023-42629

Published

2024-01-31T15:16:34.081Z

Modified

2024-02-19T10:36:29.170Z

Summary

[none]

Details

Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Vocabulary's 'description' text field.

Database specific

{
    "cpes": [
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update86:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

Affected packages

Bitnami / liferay

Package

Name: liferay
Purl: pkg:bitnami/liferay

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

7.4.0

Last affected

7.4.0

Type: SEMVER
Events: Introduced

7.4-update1.0

Last affected

7.4-update1.0

Introduced

7.4-update21.0

Last affected

7.4-update21.0

Introduced

7.4-update34.0

Last affected

7.4-update34.0

Introduced

7.4-update36.0

Last affected

7.4-update36.0

Introduced

7.4-update41.0

Last affected

7.4-update41.0

Introduced

7.4-update48.0

Last affected

7.4-update48.0

Introduced

7.4-update50.0

Last affected

7.4-update50.0

Introduced

7.4-update52.0

Last affected

7.4-update52.0

Introduced

7.4-update62.0

Last affected

7.4-update62.0

Introduced

7.4-update67.0

Last affected

7.4-update67.0

Introduced

7.4-update76.0

Last affected

7.4-update76.0

Introduced

7.4-update81.0

Last affected

7.4-update81.0

Introduced

7.4-update82.0

Last affected

7.4-update82.0

Introduced

7.4-update83.0

Last affected

7.4-update83.0

Introduced

7.4-update84.0

Last affected

7.4-update84.0

Introduced

7.4-update85.0

Last affected

7.4-update85.0

Introduced

7.4-update86.0

Last affected

7.4-update86.0