Description

Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.

Remediation

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33941

Related Vulnerabilities

CVE-2019-1003028 Vulnerability in maven package org.jenkins-ci.plugins:jms-messaging

CVE-2018-8039 Vulnerability in maven package org.apache.cxf:cxf-rt-transports-http

CVE-2018-1999031 Vulnerability in maven package org.jenkins-ci.plugins:meliora-testlab

CVE-2019-14837 Vulnerability in maven package org.keycloak:keycloak-services

CVE-2020-2170 Vulnerability in maven package org.jenkins-ci.plugins:rapiddeploy-jenkins

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory