CVE-2023-3193

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-3193

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3193.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-3193

Aliases

GHSA-qxf6-mp24-52cv

Published

2023-06-15T04:15:34.727Z

Modified

2026-01-10T06:22:01.840374Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter.

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-3193

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type: GIT
Repo: https://github.com/liferay/liferay-portal
Events: Introduced

08f398396f8940c875a0c03d8a62c8a592d73ee7

Fixed

77e8c919ce449c812debd09ccb4d04c436a960c0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3193.json"