logo

Database

Reflected cross-site scripting (XSS) In com.liferay.portal:release.portal.bom

Description

Liferay Portal XSS with p_l_back_url_title on edit content page Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the p_l_back_url_title parameter.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2023-477972. NVD-2023-477973. OSV-2023-477974. GCVE-2023-47797

References

1. https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47797

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.