BIT-liferay-2023-33941

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/liferay/BIT-liferay-2023-33941.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-liferay-2023-33941

Aliases

Published

2024-01-31T15:18:39.689Z

Modified

2024-02-19T10:36:29.170Z

Summary

[none]

Details

Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.

Database specific

{
    "cpes": [
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33941

Affected packages

Bitnami / liferay

Package

Name: liferay
Purl: pkg:bitnami/liferay

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

7.4-update41.0

Last affected

7.4-update41.0

Introduced

7.4-update52.0

Last affected

7.4-update52.0