Description

Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect` parameter.

Remediation

References

CVE-2023-42497

Related Vulnerabilities

WordPress Plugin Popup by Supsystic Cross-Site Scripting (1.10.4)

WordPress Plugin WooCommerce Blocks Security Bypass (3.7.0)

WordPress Plugin Login with phone number Cross-Site Scripting (1.4.1)

WordPress Plugin WP Reroute Email Cross-Site Request Forgery (1.4.6)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20401)

Severity

Medium

Classification

CVE-2023-42497 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities