GHSA-53mw-69qx-q4fc

Source

https://github.com/advisories/GHSA-53mw-69qx-q4fc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-53mw-69qx-q4fc/GHSA-53mw-69qx-q4fc.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-53mw-69qx-q4fc

Aliases

Published

2023-05-24T15:30:27Z

Modified

2024-02-16T08:14:38.866338Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Cross-site scripting in Liferay Portal

Details

Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label.

Database specific

{
    "nvd_published_at": "2023-05-24T14:15:09Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-24T18:04:23Z"
}

References

Affected packages

Maven / com.liferay.portal:release.portal.bom

Package

Name: com.liferay.portal:release.portal.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.portal.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.1.0

Fixed

7.4.3.13

Affected versions

7.*

7.1.0

7.1.1

7.1.2

7.1.3

7.1.3-1

7.2.0

7.2.1

7.2.1-1

7.3.0

7.3.0-1

7.3.1

7.3.1-1

7.3.2

7.3.2-1

7.3.3

7.3.3-1

7.3.4

7.3.5

7.3.6

7.3.7

7.4.0

7.4.1

7.4.1-1

7.4.2

7.4.2-1

7.4.3.4

7.4.3.5

7.4.3.6

7.4.3.7

7.4.3.8

7.4.3.9

7.4.3.10

7.4.3.11

7.4.3.12