Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-33938 Vulnerability in maven package com.liferay.portal:release.portal.bom

Description

Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object's `Name` field.

Remediation

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33938

Related Vulnerabilities

CVE-2018-16115 Vulnerability in maven package com.typesafe.akka:akka-actor_2.12

CVE-2019-10460 Vulnerability in maven package org.jenkins-ci.plugins:bitbucket-oauth

CVE-2023-24998 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2015-7539 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2013-2067 Vulnerability in maven package org.apache.tomcat:catalina

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory