Description

Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.

Remediation

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33941

Related Vulnerabilities

CVE-2023-37942 Vulnerability in maven package org.jenkins-ci.plugins:external-monitor-job

CVE-2022-22965 Vulnerability in maven package org.springframework:spring-webflux

CVE-2013-5855 Vulnerability in maven package org.glassfish:javax.faces

CVE-2020-2321 Vulnerability in maven package org.jenkins-ci.plugins:shelve-project-plugin

CVE-2022-43414 Vulnerability in maven package org.jenkins-ci.plugins:nunit

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory