Description

Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL.

Remediation

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33940

Related Vulnerabilities

CVE-2007-0185 Vulnerability in maven package dwr:dwr

CVE-2021-41766 Vulnerability in maven package org.apache.karaf:apache-karaf

CVE-2020-1717 Vulnerability in maven package org.keycloak:keycloak-parent

CVE-2020-27220 Vulnerability in maven package org.eclipse.hono:hono-adapter-mqtt-vertx-base

CVE-2023-2585 Vulnerability in maven package org.keycloak:keycloak-server-spi-private

Severity

Medium

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory