CVE-2023-42496

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-42496
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-42496.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-42496
Aliases
Published
2024-02-21T03:15:08Z
Modified
2025-01-28T20:47:48Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the comliferayrolesadminwebportletRolesAdminPortlettabs2 parameter.

References

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type
GIT
Repo
https://github.com/liferay/liferay-portal
Events