GHSA-w2g3-j73q-7qv7

Suggest an improvement
Source
https://github.com/advisories/GHSA-w2g3-j73q-7qv7
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-w2g3-j73q-7qv7/GHSA-w2g3-j73q-7qv7.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-w2g3-j73q-7qv7
Aliases
Published
2023-10-17T09:30:23Z
Modified
2025-08-08T21:43:17.256919Z
Severity
  • 9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
Summary
Liferay Portal and Liferay DXP Vulnerable to Reflected XSS via the Export for Translation Page
Details

Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page before 2.0.86 from Liferay Portal (7.4.3.4 through 7.4.3.85), and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect parameter.

Database specific 
{
    "nvd_published_at": "2023-10-17T08:15:09Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "CRITICAL",
    "github_reviewed_at": "2025-08-08T21:13:29Z"
}
References

Affected packages

Maven / com.liferay:com.liferay.translation.web

Package

Name
com.liferay:com.liferay.translation.web
View open source insights on deps.dev
Purl
pkg:maven/com.liferay/com.liferay.translation.web

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.86

Affected versions

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.0.10
1.0.11
1.0.12
1.0.13
1.0.14
1.0.15
1.0.16
1.0.17
1.0.18
1.0.19
1.0.20
1.0.21
1.0.22
1.0.23
1.0.24
1.0.25
1.0.26
1.0.27
1.0.28
1.0.29
1.0.30
1.0.31
1.0.32

2.*

2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.19
2.0.20
2.0.21
2.0.22
2.0.23
2.0.24
2.0.25
2.0.26
2.0.27
2.0.28
2.0.29
2.0.30
2.0.31
2.0.32
2.0.33
2.0.34
2.0.35
2.0.36
2.0.37
2.0.38
2.0.39
2.0.40
2.0.41
2.0.42
2.0.43
2.0.44
2.0.45
2.0.46
2.0.47
2.0.48
2.0.49
2.0.50
2.0.51
2.0.52
2.0.53
2.0.54
2.0.55
2.0.56
2.0.57
2.0.58
2.0.59
2.0.60
2.0.61
2.0.62
2.0.63
2.0.64
2.0.65
2.0.66
2.0.67
2.0.68
2.0.69
2.0.70
2.0.71
2.0.72
2.0.73
2.0.74
2.0.75
2.0.76
2.0.77
2.0.78
2.0.79
2.0.80
2.0.81
2.0.82
2.0.83
2.0.84
2.0.85

Maven / com.liferay.portal:release.dxp.bom

Package

Name
com.liferay.portal:release.dxp.bom
View open source insights on deps.dev
Purl
pkg:maven/com.liferay.portal/release.dxp.bom

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.4.0
Fixed
7.4.13.u86

Affected versions

7.*

7.4.10.ep1
7.4.11
7.4.12
7.4.13
7.4.13.u1
7.4.13.u2
7.4.13.u3
7.4.13.u4
7.4.13.u5
7.4.13.u6
7.4.13.u7
7.4.13.u8
7.4.13.u9
7.4.13.u10
7.4.13.u15
7.4.13.u16
7.4.13.u17
7.4.13.u18
7.4.13.u19
7.4.13.u20
7.4.13.u21
7.4.13.u22
7.4.13.u23
7.4.13.u24
7.4.13.u25
7.4.13.u26
7.4.13.u27
7.4.13.u28
7.4.13.u29
7.4.13.u30
7.4.13.u31
7.4.13.u32
7.4.13.u33
7.4.13.u34
7.4.13.u35
7.4.13.u36
7.4.13.u37
7.4.13.u38
7.4.13.u39
7.4.13.u40
7.4.13.u41
7.4.13.u42
7.4.13.u43
7.4.13.u44
7.4.13.u45
7.4.13.u46
7.4.13.u47
7.4.13.u48
7.4.13.u49
7.4.13.u50
7.4.13.u51
7.4.13.u52
7.4.13.u53
7.4.13.u54
7.4.13.u55
7.4.13.u56
7.4.13.u57
7.4.13.u58
7.4.13.u59
7.4.13.u60
7.4.13.u61
7.4.13.u62
7.4.13.u63
7.4.13.u64
7.4.13.u65
7.4.13.u66
7.4.13.u67
7.4.13.u68
7.4.13.u69
7.4.13.u70
7.4.13.u71
7.4.13.u72
7.4.13.u73
7.4.13.u74
7.4.13.u75
7.4.13.u76
7.4.13.u77
7.4.13.u78
7.4.13.u79
7.4.13.u80
7.4.13.u81
7.4.13.u82
7.4.13.u83
7.4.13.u84
7.4.13.u85