CVE-2023-33942

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-33942
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33942.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-33942
Aliases
Published
2023-05-24T15:15:09Z
Modified
2024-10-28T20:02:27Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title field.

References

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type
GIT
Repo
https://github.com/liferay/liferay-portal
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected