Description
Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52 and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code or (2) error parameter.
Remediation
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33941