GHSA-p9xg-9378-cqp7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-p9xg-9378-cqp7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-p9xg-9378-cqp7/GHSA-p9xg-9378-cqp7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-p9xg-9378-cqp7
- Aliases
- Published
- 2023-05-24T15:30:27Z
- Modified
- 2024-02-16T08:23:47.967403Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Cross-site scripting in Liferay Portal
- Details
-
Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's (1) First Name, (2) Middle Name, (3) Last Name, or (4) Job Title text field.
- Database specific
{ "nvd_published_at": "2023-05-24T15:15:09Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-05-24T18:04:46Z" }- References
Affected packages
Maven / com.liferay.portal:release.portal.bom
Package
- Name
- com.liferay.portal:release.portal.bom
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay.portal/release.portal.bom
Affected versions
7.*
7.4.3.21
7.4.3.21-ga21
7.4.3.22
7.4.3.23
7.4.3.24
7.4.3.25
7.4.3.26
7.4.3.27
7.4.3.28
7.4.3.29
7.4.3.30
7.4.3.31
7.4.3.32
7.4.3.33
7.4.3.34
7.4.3.35
7.4.3.36
7.4.3.37
7.4.3.38
7.4.3.39
7.4.3.40
7.4.3.41
7.4.3.42
7.4.3.43
7.4.3.44
7.4.3.45
7.4.3.46
7.4.3.47
7.4.3.48
7.4.3.49
7.4.3.50
7.4.3.51
7.4.3.52
7.4.3.53
7.4.3.54
7.4.3.55
7.4.3.56
7.4.3.57
7.4.3.58
7.4.3.59
7.4.3.60
7.4.3.60-ga60
7.4.3.61
7.4.3.61-ga61
7.4.3.62