CVE-2023-33940

Source
https://cve.org/CVERecord?id=CVE-2023-33940
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33940.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-33940
Published
2023-05-24T14:15:09.697Z
Modified
2026-05-28T04:08:56.199166474Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL.

Database specific
{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "last_affected": "7.4-NA"
                },
                {
                    "last_affected": "7.4-update1"
                },
                {
                    "last_affected": "7.4-update10"
                },
                {
                    "last_affected": "7.4-update11"
                },
                {
                    "last_affected": "7.4-update12"
                },
                {
                    "last_affected": "7.4-update13"
                },
                {
                    "last_affected": "7.4-update14"
                },
                {
                    "last_affected": "7.4-update15"
                },
                {
                    "last_affected": "7.4-update16"
                },
                {
                    "last_affected": "7.4-update17"
                },
                {
                    "last_affected": "7.4-update18"
                },
                {
                    "last_affected": "7.4-update19"
                },
                {
                    "last_affected": "7.4-update2"
                },
                {
                    "last_affected": "7.4-update20"
                },
                {
                    "last_affected": "7.4-update21"
                },
                {
                    "last_affected": "7.4-update22"
                },
                {
                    "last_affected": "7.4-update23"
                },
                {
                    "last_affected": "7.4-update24"
                },
                {
                    "last_affected": "7.4-update25"
                },
                {
                    "last_affected": "7.4-update26"
                },
                {
                    "last_affected": "7.4-update27"
                },
                {
                    "last_affected": "7.4-update28"
                },
                {
                    "last_affected": "7.4-update29"
                },
                {
                    "last_affected": "7.4-update3"
                },
                {
                    "last_affected": "7.4-update30"
                },
                {
                    "last_affected": "7.4-update4"
                },
                {
                    "last_affected": "7.4-update5"
                },
                {
                    "last_affected": "7.4-update6"
                },
                {
                    "last_affected": "7.4-update7"
                },
                {
                    "last_affected": "7.4-update8"
                },
                {
                    "last_affected": "7.4-update9"
                }
            ],
            "source": "CPE_STRING",
            "cpes": [
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update10:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update11:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update12:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update13:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update14:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update15:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update16:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update17:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update18:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update19:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update20:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update22:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update23:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update24:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update25:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update26:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update27:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update28:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update29:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update2:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update30:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update3:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update4:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update5:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update6:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update7:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update8:*:*:*:*:*:*",
                "cpe:2.3:a:liferay:digital_experience_platform:7.4:update9:*:*:*:*:*:*"
            ],
            "vendor_product": "liferay:digital_experience_platform"
        }
    ]
}

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type
GIT
Repo
https://github.com/liferay/liferay-portal
Events
Database specific
{
    "cpe": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "7.4.0"
        },
        {
            "last_affected": "7.4.3.30"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

7.*
7.4.0-ga1
7.4.1-ga2
7.4.2-ga3
7.4.3.30-ga30
7.4.3.4-ga4
7.4.3.5-ga5
7.4.3.6-ga6
7.4.3.7-ga7

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33940.json"