CVE-2023-33940

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-33940

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33940.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-33940

Aliases

Published

2023-05-24T14:15:09.697Z

Modified

2026-02-13T02:49:56.543714Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL.

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33940

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type: GIT
Repo: https://github.com/liferay/liferay-portal
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

548f3899675d89749f92b7623d25e27d0c4691c7

Introduced

ec84d86679146b84af526f96471a730c340dda78

Last affected

ff103d4d88f6d88c528ae82a519910d0bf37ee27

Affected versions

7.*

7.4.0-ga1

7.4.1-ga2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33940.json"