CVE-2023-42629

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-42629

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-42629.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-42629

Aliases

BIT-liferay-2023-42629

Published

2023-10-17T09:15:10Z

Modified

2025-03-05T13:23:11.129162Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Vocabulary's 'description' text field.

References

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type: GIT
Repo: https://github.com/liferay/liferay-portal
Events: Introduced

75354f3482d7c5edb70f4cd72ed8664ce8079842

Fixed

4ac0f73b8c5fb611683a86382ad80feb42d62bd1

Affected versions

7.*

7.4.2-ga3

7.4.3.4-ga4

7.4.3.41-ga41

7.4.3.5-ga5

7.4.3.6-ga6

7.4.3.7-ga7