Description

Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's `URL` text field.

Remediation

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33944

Related Vulnerabilities

CVE-2019-10339 Vulnerability in maven package org.jenkins-ci.plugins:jx-resources

CVE-2015-5344 Vulnerability in maven package org.apache.camel:camel-xstream

CVE-2020-7238 Vulnerability in maven package io.netty:netty-codec-http

CVE-2023-35151 Vulnerability in maven package org.xwiki.platform:xwiki-platform-rest-server

CVE-2018-1000188 Vulnerability in maven package org.jenkins-ci.plugins:cas-plugin

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory