Description
Multiple cross-site scripting (XSS) vulnerabilities in the OAuth2ProviderApplicationRedirect class of the Plugin for OAuth 2.0 module in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52, allow remote attackers to inject arbitrary web script or HTML via the (1) code or (2) error parameter.
Remediation
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33941