Description

Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label.

Remediation

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33939

Related Vulnerabilities

CVE-2022-34187 Vulnerability in maven package aendter.jenkins.plugins:filesystem-list-parameter-plugin

CVE-2019-10240 Vulnerability in maven package org.eclipse.hawkbit:hawkbit-parent

CVE-2018-10237 Vulnerability in maven package com.google.guava:guava

CVE-2023-29208 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2019-0193 Vulnerability in maven package org.apache.solr:solr-core

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory