Description

Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.

Remediation

References

CVE-2023-3193

Related Vulnerabilities

Joomla Improper Input Validation Vulnerability (CVE-2008-4103)

Jboss EAP Cryptographic Issues Vulnerability (CVE-2013-1921)

phpMyAdmin 7PK - Security Features Vulnerability (CVE-2016-2041)

MySQL CVE-2015-2582 Vulnerability (CVE-2015-2582)

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-1936)

Severity

Medium

Classification

CVE-2023-3193 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities