Description

Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.

Remediation

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33941

Related Vulnerabilities

CVE-2019-20363 Vulnerability in maven package org.igniterealtime.openfire:xmppserver

CVE-2018-1000602 Vulnerability in maven package org.jenkins-ci.plugins:saml

CVE-2023-46657 Vulnerability in maven package org.jenkins-ci.plugins:gogs-webhook

CVE-2019-10288 Vulnerability in maven package de.e-nexus:jabber-server-plugin

CVE-2023-27096 Vulnerability in maven package cn.hippo4j:hippo4j-all

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory