Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect` parameter.
References
Link | Resource |
---|---|
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
23 Oct 2023, 14:09
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:* cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:* |
|
CWE | CWE-79 | |
First Time |
Liferay digital Experience Platform
Liferay liferay Portal Liferay |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
References | (MISC) https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497 - Vendor Advisory |
17 Oct 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-17 08:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-42497
Mitre link : CVE-2023-42497
CVE.ORG link : CVE-2023-42497
JSON object : View
Products Affected
liferay
- liferay_portal
- digital_experience_platform
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')