BIT-liferay-2023-44311

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/liferay/BIT-liferay-2023-44311.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-liferay-2023-44311

Aliases

CVE-2023-44311

Published

2024-01-31T15:16:08.107Z

Modified

2024-02-19T10:36:29.170Z

Summary

[none]

Details

Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter. This issue is caused by an incomplete fix in CVE-2023-33941.

Database specific

{
    "cpes": [
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:*",
        "cpe:2.3:a:liferay:digital_experience_platform:7.4:update86:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44311

Affected packages

Bitnami / liferay

Package

Name: liferay
Purl: pkg:bitnami/liferay

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

7.4-update41.0

Last affected

7.4-update41.0

Introduced

7.4-update48.0

Last affected

7.4-update48.0

Introduced

7.4-update50.0

Last affected

7.4-update50.0

Introduced

7.4-update52.0

Last affected

7.4-update52.0

Introduced

7.4-update62.0

Last affected

7.4-update62.0

Introduced

7.4-update67.0

Last affected

7.4-update67.0

Introduced

7.4-update76.0

Last affected

7.4-update76.0

Introduced

7.4-update81.0

Last affected

7.4-update81.0

Introduced

7.4-update82.0

Last affected

7.4-update82.0

Introduced

7.4-update83.0

Last affected

7.4-update83.0

Introduced

7.4-update84.0

Last affected

7.4-update84.0

Introduced

7.4-update85.0

Last affected

7.4-update85.0

Introduced

7.4-update86.0

Last affected

7.4-update86.0