Description

Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL.

Remediation

References

CVE-2023-33940

Related Vulnerabilities

WordPress Plugin WP Floating Menu-One page navigator, sticky menu for WordPress includes Backdoor [Only if downloaded via the vendor website] (1.4.4)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (2.0.17)

PHP Address Book Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-2778)

PHP Other Vulnerability (CVE-2015-6838)

Apache 2.x version older than 2.0.48

Severity

Medium

Classification

CVE-2023-33940 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities