Description

Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL.

Remediation

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33940

Related Vulnerabilities

CVE-2020-2194 Vulnerability in maven package io.jenkins.plugins:echarts-api

CVE-2016-6809 Vulnerability in maven package org.apache.tika:tika-parsers

CVE-2021-41571 Vulnerability in maven package org.apache.pulsar:pulsar

CVE-2020-5410 Vulnerability in maven package org.springframework.cloud:spring-cloud-config-server

CVE-2023-22832 Vulnerability in maven package org.apache.nifi:nifi-ccda-processors

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory