CVE-2023-33943 com.liferay.portal:release.portal.bom

Package

Manager: maven
Name: com.liferay.portal:release.portal.bom
Vulnerable Version: >=7.4.3.21 <7.4.3.63

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00142 (percentile: 0.34934)

Details

Cross-site scripting in Liferay Portal

Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62, allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's (1) First Name, (2) Middle Name, (3) Last Name, or (4) Job Title text field.

Metadata

Created: 2023-05-24T15:30:27Z
Modified: 2023-05-24T18:04:46Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-p9xg-9378-cqp7/GHSA-p9xg-9378-cqp7.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-p9xg-9378-cqp7
Finding: F425
Auto approve: 1