GHSA-wvhw-5m89-64gv

Source

https://github.com/advisories/GHSA-wvhw-5m89-64gv

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-wvhw-5m89-64gv/GHSA-wvhw-5m89-64gv.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-wvhw-5m89-64gv

Aliases

Published

2023-05-24T15:30:27Z

Modified

2024-02-16T08:21:27.046937Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Cross-site scripting in Liferay Portal

Details

Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object's Name field.

Database specific

{
    "nvd_published_at": "2023-05-24T14:15:09Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-24T18:04:19Z"
}

References

Affected packages

Maven / com.liferay.portal:release.portal.bom

Package

Name: com.liferay.portal:release.portal.bom; View open source insights on deps.dev
Purl: pkg:maven/com.liferay.portal/release.portal.bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.3.0

Fixed

7.4.1

Affected versions

7.*

7.3.0

7.3.0-1

7.3.1

7.3.1-1

7.3.2

7.3.2-1

7.3.3

7.3.3-1

7.3.4

7.3.5

7.3.6

7.3.7

7.4.0