GHSA-g44j-f8wm-6622

Source

https://github.com/advisories/GHSA-g44j-f8wm-6622

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-g44j-f8wm-6622/GHSA-g44j-f8wm-6622.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-g44j-f8wm-6622

Aliases

Published

2023-10-17T09:30:23Z

Modified

2025-08-08T21:57:00.610600Z

Severity

9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H CVSS Calculator

Summary

Liferay Portal and Liferay DXP Vulnerable to Stored XSS in the Manage Vocabulary Page

Details

Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in the Asset Categories Admin Web module before 5.0.87 from Liferay Portal (7.4.2 through 7.4.3.87), and Liferay DXP 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Vocabulary's 'description' text field.

Database specific

{
    "nvd_published_at": "2023-10-17T09:15:10Z",
    "severity": "CRITICAL",
    "github_reviewed_at": "2025-08-08T21:14:47Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Maven / com.liferay:com.liferay.asset.categories.admin.web

Package

Name: com.liferay:com.liferay.asset.categories.admin.web; View open source insights on deps.dev
Purl: pkg:maven/com.liferay/com.liferay.asset.categories.admin.web

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.0.87

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.0.10

1.0.11

1.0.12

1.0.13

1.0.14

1.0.15

1.0.16

1.0.17

1.0.18

1.0.19

1.1.0

1.1.1

1.1.2

1.1.3

1.1.4

1.1.5

1.1.6

1.1.7

1.1.8

1.1.9

1.1.10

1.1.11

1.1.12

1.1.13

1.1.14

1.1.15

1.1.16

1.1.17

1.1.18

1.1.19

1.1.20

1.1.21

1.1.22

1.1.23

1.1.24

1.1.25

1.1.26

1.1.27

1.1.28

1.1.29

1.1.30

1.1.31

1.1.32

1.1.33

1.1.34

1.1.35

1.1.36

1.1.37

1.1.38

1.1.39

1.1.40

1.1.41

1.1.42

1.1.43

1.1.44

1.1.45

1.1.46

1.1.47

1.1.48

1.1.49

1.1.50

1.1.51

1.1.52

1.1.53

1.1.54

1.1.55

1.1.56

1.1.57

1.1.58

1.1.59

1.1.60

1.1.61

1.1.62

1.1.63

1.1.64

1.1.65

1.1.66

1.1.67

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.0.10

2.0.11

2.0.12

2.0.13

2.0.14

2.0.15

2.0.16

2.0.17

2.0.18

2.0.19

2.0.20

2.0.21

2.0.22

2.0.23

2.0.24

2.0.25

2.0.26

2.0.27

2.0.28

2.0.29

2.0.30

2.0.31

2.0.32

2.0.33

2.0.34

2.0.35

2.0.36

2.0.37

2.0.38

2.0.39

2.0.40

2.0.41

2.0.42

2.0.43

2.0.44

2.0.45

2.0.46

2.0.47

2.0.48

2.0.49

2.0.50

2.0.51

2.0.52

2.0.53

2.0.54

2.0.55

2.0.56

2.0.57

2.0.58

2.0.59

2.0.60

2.0.61

2.0.62

2.0.63

3.*

3.0.0

3.0.1

3.0.2

3.0.3

3.0.4

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

3.0.10

3.0.11

3.0.12

3.0.13

3.0.14

3.0.15

3.0.16

3.0.17

3.0.18

3.0.19

3.0.20

3.0.21

3.0.22

3.0.23

3.0.24

3.0.25

3.0.26

3.0.27

3.0.28

3.0.29

3.0.30

3.0.31

3.0.32

3.0.33

3.0.34

3.0.35

3.0.36

3.0.37

3.0.38

3.0.39

3.0.40

3.0.41

3.0.42

3.0.43

3.0.44

3.0.45

3.0.46

3.0.47

3.0.48

3.0.49

3.0.50

3.0.51

3.0.52

3.0.53

3.0.54

3.0.55

3.0.56

3.0.57

3.0.58

3.0.59

3.0.60

3.0.61

3.0.62

3.0.63

3.0.64

3.0.65

3.0.66

3.0.67

3.0.68

3.0.69

3.0.70

3.0.71

3.0.72

3.0.73

3.0.74

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.0.10

4.0.11

4.0.12

4.0.13

4.0.14

4.0.15

4.0.16

4.0.17

4.0.18

4.0.19

4.0.20

4.0.21

4.0.22

4.0.23

4.0.24

4.0.25

4.0.26

4.0.27

4.0.28

4.0.29

4.0.30

4.0.31

4.0.32

4.0.33

4.0.34

4.0.35

4.0.36

4.0.37

4.0.38

4.0.39

4.0.40

4.0.41

4.0.42

4.0.43

4.0.44

4.0.45

4.0.46

4.0.47

4.0.48

4.0.49

4.0.50

4.0.51

4.0.52

4.0.53

4.0.54

4.0.55

4.0.56

4.0.57

4.0.58

4.0.59

4.0.60

4.0.61

4.0.62

4.0.63

4.0.64

4.0.65

4.0.66

4.0.67

4.0.68

4.0.69

4.0.70

4.0.71

4.0.72

4.0.73

4.0.74

4.0.75

4.0.76

4.0.77

4.0.78

4.0.79

4.0.80

4.0.81

4.0.82

5.*

5.0.0

5.0.1

5.0.2

5.0.3

5.0.4

5.0.5

5.0.6

5.0.7

5.0.8

5.0.9

5.0.10

5.0.11

5.0.12

5.0.13

5.0.14

5.0.15

5.0.16

5.0.17

5.0.18

5.0.19

5.0.20

5.0.21

5.0.22

5.0.23

5.0.24

5.0.25

5.0.26

5.0.27

5.0.28

5.0.29

5.0.30

5.0.31

5.0.32

5.0.33

5.0.34

5.0.35

5.0.36

5.0.37

5.0.38

5.0.39

5.0.40

5.0.41

5.0.42

5.0.43

5.0.44

5.0.45

5.0.46

5.0.47

5.0.48

5.0.49

5.0.50

5.0.51

5.0.52

5.0.53

5.0.54

5.0.55

5.0.56

5.0.57

5.0.58

5.0.59

5.0.60

5.0.61

5.0.62

5.0.63

5.0.64

5.0.65

5.0.66

5.0.67

5.0.68

5.0.69

5.0.70

5.0.71

5.0.72

5.0.73

5.0.74

5.0.75

5.0.76

5.0.77

5.0.78

5.0.79

5.0.80

5.0.81

5.0.82

5.0.83

5.0.84

5.0.85

5.0.86

Maven / com.liferay.portal:release.dxp.bom

Package

Name: com.liferay.portal:release.dxp.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.dxp.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.4.0

Fixed

7.4.13.u88

Affected versions

7.*

7.4.10.ep1

7.4.11

7.4.12

7.4.13

7.4.13.u1

7.4.13.u2

7.4.13.u3

7.4.13.u4

7.4.13.u5

7.4.13.u6

7.4.13.u7

7.4.13.u8

7.4.13.u9

7.4.13.u10

7.4.13.u15

7.4.13.u16

7.4.13.u17

7.4.13.u18

7.4.13.u19

7.4.13.u20

7.4.13.u21

7.4.13.u22

7.4.13.u23

7.4.13.u24

7.4.13.u25

7.4.13.u26

7.4.13.u27

7.4.13.u28

7.4.13.u29

7.4.13.u30

7.4.13.u31

7.4.13.u32

7.4.13.u33

7.4.13.u34

7.4.13.u35

7.4.13.u36

7.4.13.u37

7.4.13.u38

7.4.13.u39

7.4.13.u40

7.4.13.u41

7.4.13.u42

7.4.13.u43

7.4.13.u44

7.4.13.u45

7.4.13.u46

7.4.13.u47

7.4.13.u48

7.4.13.u49

7.4.13.u50

7.4.13.u51

7.4.13.u52

7.4.13.u53

7.4.13.u54

7.4.13.u55

7.4.13.u56

7.4.13.u57

7.4.13.u58

7.4.13.u59

7.4.13.u60

7.4.13.u61

7.4.13.u62

7.4.13.u63

7.4.13.u64

7.4.13.u65

7.4.13.u66

7.4.13.u67

7.4.13.u68

7.4.13.u69

7.4.13.u70

7.4.13.u71

7.4.13.u72

7.4.13.u73

7.4.13.u74

7.4.13.u75

7.4.13.u76

7.4.13.u77

7.4.13.u78

7.4.13.u79

7.4.13.u80

7.4.13.u81

7.4.13.u82

7.4.13.u83

7.4.13.u84

7.4.13.u85

7.4.13.u86

7.4.13.u87