Description

Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.

Remediation

References

CVE-2023-3193

Related Vulnerabilities

PHP Improper Input Validation Vulnerability (CVE-2016-3185)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-3734)

WordPress Plugin Row Seats Core Unspecified Vulnerability (2.66)

WordPress Plugin Ajax Calendar 'example.php' Cross-Site Scripting (1.0)

Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.3)

Severity

Medium

Classification

CVE-2023-3193 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities