Description

Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label.

Remediation

References

CVE-2023-33939

Related Vulnerabilities

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler Security Bypass (6.9.11)

WordPress Plugin Booster for WooCommerce Multiple Cross-Site Scripting Vulnerabilities (5.4.8)

WordPress Plugin Analytics Tracker Cross-Site Scripting (1.1.0)

Python Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Vulnerability (CVE-2016-5699)

WordPress Plugin WP Hotel Booking Cross-Site Request Forgery (1.10.1)

Severity

Medium

Classification

CVE-2023-33939 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities