CVE-2023-33942

CVSS v3.1 5.4 (Medium)

EPSS 0.06 % (24^th)

Affected Products 2

Advisories 1

Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title field.

Weaknesses

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE Status: PUBLISHED
CNA: Liferay Inc.
Published Date: 2023-05-24 15:15:09
(16 months ago)
Updated Date: 2023-06-01 04:15:10
(15 months ago)

Affected Products

Liferay

Digital Experience Platform
Liferay Portal

Configuration #1

		CPE23	From	Up To
	Liferay Digital Experience Platform 7.4 Update50	cpe:2.3:a:liferay:digital_experience_platform:7.4:update50
	Liferay Portal 7.4.3.50	cpe:2.3:a:liferay:liferay_portal:7.4.3.50