Description

Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter. This issue is caused by an incomplete fix in CVE-2023-33941.

Remediation

References

CVE-2023-44311

Related Vulnerabilities

MySQL CVE-2014-2432 Vulnerability (CVE-2014-2432)

Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2015-2749)

Sqlite Out-of-bounds Write Vulnerability (CVE-2020-15358)

WordPress Plugin JW Player for Flash & HTML5 Video Cross-Site Request Forgery (2.1.11)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14594)

Severity

Medium

Classification

CVE-2023-44311 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities