Description

Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL.

Remediation

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33940

Related Vulnerabilities

CVE-2021-21380 Vulnerability in maven package org.xwiki.platform:xwiki-platform-ratings-api

CVE-2023-34054 Vulnerability in maven package io.projectreactor.netty:reactor-netty-http

CVE-2022-41244 Vulnerability in maven package org.jenkins-ci.plugins:view26

CVE-2021-22051 Vulnerability in maven package org.springframework.cloud:spring-cloud-gateway-server

CVE-2023-30516 Vulnerability in maven package org.jenkins-ci.plugins:image-tag-parameter

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory