Description

Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.

Remediation

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33941

Related Vulnerabilities

CVE-2022-29258 Vulnerability in maven package org.xwiki.platform:xwiki-platform-filter-ui

CVE-2022-22963 Vulnerability in maven package org.springframework.cloud:spring-cloud-function-core

CVE-2020-11022 Vulnerability in maven package org.webjars.npm:jquery

CVE-2018-11093 Vulnerability in npm package @ckeditor/ckeditor5-link

CVE-2012-0394 Vulnerability in maven package org.apache.struts.xwork:xwork-core

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory