Description

Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.

Remediation

References

CVE-2023-3193

Related Vulnerabilities

WordPress Plugin Global Flash Galleries Cross-Site Scripting (0.13.4)

MySQL CVE-2018-3155 Vulnerability (CVE-2018-3155)

MyBB Improper Privilege Management Vulnerability (CVE-2018-1000503)

WordPress Plugin Party Hall Booking Manager SQL Injection (1.1)

WordPress Plugin Rich Table of Contents Cross-Site Scripting (1.3.7)

Severity

Medium

Classification

CVE-2023-3193 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities