GHSA-wv99-wmpf-jrqr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wv99-wmpf-jrqr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-wv99-wmpf-jrqr/GHSA-wv99-wmpf-jrqr.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wv99-wmpf-jrqr
- Aliases
- Published
- 2023-05-24T15:30:27Z
- Modified
- 2023-12-06T01:03:02.884099Z
- Severity
-
- 6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Cross-site scripting in Liferay Portal
- Details
-
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's
Titlefield. - Database specific
{ "nvd_published_at": "2023-05-24T15:15:09Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-05-24T18:04:41Z" }- References
Affected packages
Maven / com.liferay.portal:release.portal.bom
Package
- Name
- com.liferay.portal:release.portal.bom
- View open source insights on deps.dev
- Purl
- pkg:maven/com.liferay.portal/release.portal.bom