Description

Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter. This issue is caused by an incomplete fix in CVE-2023-33941.

Remediation

References

CVE-2023-44311

Related Vulnerabilities

Squid NULL Pointer Dereference Vulnerability (CVE-2018-1172)

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler Unspecified Vulnerability (5.1.2)

WordPress Plugin BAVOKO SEO Tools-All-in-One WordPress SEO Security Bypass (2.1.9.7)

WordPress Plugin AppPresser-Mobile App Framework Security Bypass (4.3.0)

MySQL CVE-2014-0386 Vulnerability (CVE-2014-0386)

Severity

Medium

Classification

CVE-2023-44311 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities