Description

Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's `URL` text field.

Remediation

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33944

Related Vulnerabilities

CVE-2021-23266 Vulnerability in maven package org.craftercms:crafter-engine

CVE-2022-34211 Vulnerability in maven package org.jenkins-ci.plugins:vmware-vrealize-orchestrator

CVE-2023-43498 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2020-5219 Vulnerability in npm package angular-expressions

CVE-2019-1003085 Vulnerability in maven package org.jenkins-ci.plugins:zephyr-enterprise-test-management

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory