CVE-2023-33938

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-33938

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33938.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-33938

Aliases

Published

2023-05-24T14:15:09.550Z

Modified

2026-01-10T04:11:32.335579Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object's Name field.

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33938

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type: GIT
Repo: https://github.com/liferay/liferay-portal
Events: Last affected

0515646c8f638f202d107469cc147172fc7685de

Last affected

29b73b9b896c7d44fb5d1800a402698c303d1cf6

Introduced

b072f5df5544a28677824835b490ce8a867bf133

Last affected

29b73b9b896c7d44fb5d1800a402698c303d1cf6

Last affected

3cc350081830d5b3ed7848d769d3985a6bbf0469

Last affected

4ffdd7225ef4a5fd922703263a3006a741a4d8d0

Last affected

6d28f4266948e7b0eeb14c3e8d16b3d81e02e8bb

Last affected

77b773677e0fa17b1a869414ad66220245ba96a8

Last affected

ec84d86679146b84af526f96471a730c340dda78

Last affected

f193301b2848899b008d51513af62a3b3a9b7888

Affected versions

7.*

7.3.0-ga1

7.3.1-ga2

7.3.2-ga3

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33938.json"