CVE-2023-33942

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-33942

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33942.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-33942

Aliases

Published

2023-05-24T15:15:09.807Z

Modified

2026-04-10T04:58:20.061706Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title field.

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33942

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type

GIT

Repo

https://github.com/liferay/liferay-portal

Events

Introduced

Last affected

5df741fd6e2514e1269d539ed6c2c774672bda18

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.4.3.50"
        }
    ]
}

Affected versions

6.*

6.1.0-b1

6.1.0-b2

6.1.0-b3

6.1.0-b4

6.1.0-rc1

6.2.0-b1

6.2.0-b2

6.2.0-m2

6.2.0-m3

6.2.0-m4

6.2.0-m5

6.2.0-m6

7.*

7.0.0-m1

7.0.0-m2

7.0.0-m3

7.0.0-m4

7.0.0-m5

7.1.0-a1

7.1.0-a2

7.1.0-b1

7.1.0-b2

7.1.0-m1

7.1.0-m2

7.2.0-a1

7.2.0-b1

7.2.0-b2

7.2.0-b3

7.2.0-m2

7.3.0-ga1

7.3.1-ga2

7.3.2-ga3

7.3.3-ga4

7.3.4-ga5

7.3.5-ga6

7.4.0-ga1

7.4.1-ga2

7.4.2-ga3

7.4.3.4-ga4

7.4.3.41-ga41

7.4.3.5-ga5

7.4.3.50-ga50

7.4.3.6-ga6

7.4.3.7-ga7

sync-3.*

sync-3.0.0-b1

sync-3.0.1-b2

sync-3.0.10-ga2

sync-3.0.2-b3

sync-3.0.3-b4

sync-3.0.4-b5

sync-3.0.5-b6

sync-3.0.6-b7

sync-3.0.7-b8

sync-3.0.8-b9

sync-3.0.9-ga1

sync-3.1.0-ga1

Other

test-fix-pack-base-7310

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33942.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4-update50"
            }
        ]
    }
]