CVE-2023-33938

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-33938

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33938.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-33938

Aliases

Withdrawn

2024-10-28T00:41:16.263769Z

Published

2023-05-24T14:15:09Z

Modified

2024-10-27T09:22:21.130737Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object's Name field.

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33938

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type: GIT
Repo: https://github.com/liferay/liferay-portal
Events: Last affected

0515646c8f638f202d107469cc147172fc7685de

Last affected

4ffdd7225ef4a5fd922703263a3006a741a4d8d0

Introduced

b072f5df5544a28677824835b490ce8a867bf133

Last affected

ec84d86679146b84af526f96471a730c340dda78

Affected versions

7.*

7.3.0-ga1

7.3.1-ga2

7.3.2-ga3