CVE-2023-33944
- Source
- https://cve.org/CVERecord?id=CVE-2023-33944
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33944.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-33944
- Aliases
- Published
- 2023-05-24T16:15:09.693Z
- Modified
- 2026-04-09T09:37:56.041673Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's
URLtext field. - References
Affected packages
Git / github.com/liferay/liferay-portal
Affected ranges
- Type
- GIT
- Repo
- https://github.com/liferay/liferay-portal
- Events
-
IntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroducedLast affected
- Database specific
{ "versions": [ { "introduced": "7.4.0" }, { "last_affected": "7.4.3.68" }, { "introduced": "0" }, { "last_affected": "7.3-update1" }, { "introduced": "0" }, { "last_affected": "7.3-update2" }, { "introduced": "0" }, { "last_affected": "7.3-update3" }, { "introduced": "0" }, { "last_affected": "7.3-update4" }, { "introduced": "0" }, { "last_affected": "7.3-update5" }, { "introduced": "0" }, { "last_affected": "7.3-update6" }, { "introduced": "0" }, { "last_affected": "7.3-update7" }, { "introduced": "7.3.4" }, { "last_affected": "7.3.7" } ] }
Affected versions
6.*
6.1.0-b1
6.1.0-b2
6.1.0-b3
6.1.0-b4
6.1.0-rc1
6.2.0-b1
6.2.0-b2
6.2.0-m2
6.2.0-m3
6.2.0-m4
6.2.0-m5
6.2.0-m6
7.*
7.0.0-m1
7.0.0-m2
7.0.0-m3
7.0.0-m4
7.0.0-m5
7.1.0-a1
7.1.0-a2
7.1.0-b1
7.1.0-b2
7.1.0-m1
7.1.0-m2
7.2.0-a1
7.2.0-b1
7.2.0-b2
7.2.0-b3
7.2.0-m2
7.3.0-ga1
7.3.1-ga2
7.3.2-ga3
7.3.3-ga4
7.3.4-ga5
7.3.5-ga6
7.3.6-ga7
7.3.7-ga8
7.4.0-ga1
7.4.1-ga2
7.4.2-ga3
7.4.3.4-ga4
7.4.3.41-ga41
7.4.3.5-ga5
7.4.3.6-ga6
7.4.3.68-ga68
7.4.3.7-ga7
sync-3.*
sync-3.0.0-b1
sync-3.0.1-b2
sync-3.0.10-ga2
sync-3.0.2-b3
sync-3.0.3-b4
sync-3.0.4-b5
sync-3.0.5-b6
sync-3.0.6-b7
sync-3.0.7-b8
sync-3.0.8-b9
sync-3.0.9-ga1
sync-3.1.0-ga1
Other
test-fix-pack-base-7310
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update10"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update11"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update13"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update14"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update16"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update17"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update18"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update19"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update20"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update21"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update22"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update23"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update24"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.3-update9"
}
]
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33944.json"