CVE-2023-33944

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-33944
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33944.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-33944
Aliases
Published
2023-05-24T16:15:09.693Z
Modified
2026-02-01T06:20:46.014376Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's URL text field.

References

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type
GIT
Repo
https://github.com/liferay/liferay-portal
Events
Last affected
0515646c8f638f202d107469cc147172fc7685de
Last affected
29b73b9b896c7d44fb5d1800a402698c303d1cf6
Last affected
3cc350081830d5b3ed7848d769d3985a6bbf0469
Introduced
ec84d86679146b84af526f96471a730c340dda78
Last affected
4ec17043cde5a2ca44710e7f1e99fca2805867a6
Last affected
4ffdd7225ef4a5fd922703263a3006a741a4d8d0
Last affected
6d28f4266948e7b0eeb14c3e8d16b3d81e02e8bb
Last affected
77b773677e0fa17b1a869414ad66220245ba96a8
Last affected
f193301b2848899b008d51513af62a3b3a9b7888

Affected versions

7.*

7.4.0-ga1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33944.json"