WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2023-33939 Vulnerability in maven package com.liferay:com.liferay.portal.search.web

Description

Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label.

Remediation

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33939

Related Vulnerabilities

CVE-2017-12619 Vulnerability in maven package org.apache.zeppelin:zeppelin

CVE-2022-36883 Vulnerability in maven package org.jenkins-ci.plugins:git

CVE-2012-0393 Vulnerability in maven package org.apache.struts.xwork:xwork-core

CVE-2022-36917 Vulnerability in maven package org.jenkins-ci.plugins:google-cloud-backup

CVE-2023-43500 Vulnerability in maven package com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory