Description
Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52 and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code or (2) error parameter.
Remediation
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33941