Description

Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect` parameter.

Remediation

References

CVE-2023-42497

Related Vulnerabilities

WordPress Plugin Video.js-HTML5 Video Player for Wordpress Cross-Site Scripting (4.5.0)

WordPress Plugin Cookie Notice & Consent Banner for GDPR & CCPA Compliance Cross-Site Scripting (1.7.1)

Atlassian Confluence Improper Input Validation Vulnerability (CVE-2018-13389)

IBM RTC Session Fixation Vulnerability (CVE-2018-1492)

Oracle Database Server CVE-2007-2117 Vulnerability (CVE-2007-2117)

Severity

Medium

Classification

CVE-2023-42497 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities