CVE-2023-33944

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-33944

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33944.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-33944

Aliases

Published

2023-05-24T16:15:09Z

Modified

2024-09-03T06:47:18.659417Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's URL text field.

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33944

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type: GIT
Repo: https://github.com/liferay/liferay-portal
Events: Last affected

0515646c8f638f202d107469cc147172fc7685de

Introduced

6d28f4266948e7b0eeb14c3e8d16b3d81e02e8bb

Last affected

4ec17043cde5a2ca44710e7f1e99fca2805867a6

Last affected

4ffdd7225ef4a5fd922703263a3006a741a4d8d0

Last affected

548f3899675d89749f92b7623d25e27d0c4691c7

Affected versions

7.*

7.3.4-ga5