CVE-2023-33939

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-33939

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33939.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-33939

Aliases

Published

2023-05-24T14:15:09.623Z

Modified

2026-02-11T14:48:54.528269Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label.

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33939

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type: GIT
Repo: https://github.com/liferay/liferay-portal
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

59148a8775a2b2345694a023683d95b478c483c6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33939.json"