WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-47795)

Description

Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a document's “Title” text field.

Remediation

References

Related Vulnerabilities

WordPress Plugin Recipe Card Blocks for Gutenberg & Elementor Cross-Site Scripting (2.8.0)

Nginx Improper Certificate Validation Vulnerability (CVE-2009-3555)

WordPress Plugin Booster for WooCommerce Security Bypass (5.4.3)

WordPress Plugin Photo Gallery by Ays-Responsive Image Gallery SQL Injection (4.4.3)

Mailman Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2006-4624)

Severity

Medium

Classification

CVE-2023-47795 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities