Description

Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL.

Remediation

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33940

Related Vulnerabilities

CVE-2023-27904 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2023-50730 Vulnerability in maven package org.typelevel:grackle-core_sjs1_2.13

CVE-2019-12400 Vulnerability in maven package org.apache.santuario:xmlsec

CVE-2020-24590 Vulnerability in maven package org.wso2.carbon.governance:org.wso2.carbon.governance.generic.ui

CVE-2018-1999040 Vulnerability in maven package org.csanchez.jenkins.plugins:kubernetes

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory