GHSA-mvfv-w3fq-xp67

Source

https://github.com/advisories/GHSA-mvfv-w3fq-xp67

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-mvfv-w3fq-xp67/GHSA-mvfv-w3fq-xp67.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-mvfv-w3fq-xp67

Aliases

Published

2023-05-24T15:30:27Z

Modified

2024-02-16T08:13:10.194007Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Cross-site scripting in Liferay Portal

Details

Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.

Database specific

{
    "nvd_published_at": "2023-05-24T15:15:09Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-24T18:04:31Z"
}

References

Affected packages

Maven / com.liferay.portal:release.portal.bom

Package

Name: com.liferay.portal:release.portal.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.portal.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.4.3.41

Fixed

7.4.3.53

Affected versions

7.*

7.4.3.41

7.4.3.42

7.4.3.43

7.4.3.44

7.4.3.45

7.4.3.46

7.4.3.47

7.4.3.48

7.4.3.49

7.4.3.50

7.4.3.51

7.4.3.52