Amin Achour

**Name of the Vulnerable Software and Affected Versions** Liferay Portal versions 7.4.3.51 through 7.4.3.109 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay DXP 7.4 update 51 through update 92 Liferay DXP 7.3 update 33 through update 35 **Description** A stored cross-site scripting (XSS) vulnerability exists in a custom object’s `/o/c/<object-name>` API endpoint. This allows remote attackers to inject arbitrary web script or HTML via the `externalReferenceCode` parameter. **Recommendations** Liferay Portal versions 7.4.3.51 through 7.4.3.109: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Liferay DXP versions 2023.Q3.1 through 2023.Q3.4: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Liferay DXP 7.4 update 51 through update 92: At the moment, there is no information about a newer version that contains a fix for this vulnerability. Liferay DXP 7.3 update 33 through update 35: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tungsten Automation (Kofax) TotalAgility versions all through 7.9.0.25.0.954 **Description** The issue is a Reflected XSS vulnerability that can be exploited through manipulation of the `mfpConnectionId` parameter in a form sent to endpoints "/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx" and "/TotalAgility/Kofax/BrowserDevice/ScanFrontDebug.aspx". This allows for the injection of malicious JavaScript code, potentially leading to information leaks. Exploitation is only possible using POST requests and also requires retrieving or generating a proper `VIEWSTATE` parameter. **Recommendations** For versions all through 7.9.0.25.0.954, consider disabling the `mfpConnectionId` parameter manipulation in the affected endpoints as a temporary workaround until a patch is available. Restrict access to the vulnerable endpoints "/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx" and "/TotalAgility/Kofax/BrowserDevice/ScanFrontDebug.aspx" to minimize the risk of exploitation. Avoid using the `mfpConnectionId` parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Tungsten Automation (Kofax) TotalAgility versions all through 7.9.0.25.0.954 **Description** The issue allows for Reflected XSS attacks through manipulation of the `mfpScreenResolutionWidth` parameter in a form sent to the "/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx" endpoint. This enables the injection of malicious JavaScript code, potentially leading to information leaks. Exploitation is limited to POST requests and requires a proper `VIEWSTATE` parameter, which reduces the risk of a successful attack. **Recommendations** For versions all through 7.9.0.25.0.954, as a temporary workaround, consider restricting access to the `/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx` endpoint until a patch is available. Additionally, avoid using the `mfpScreenResolutionWidth` parameter in the affected form until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Liferay Portal versions 7.3.3 through 7.4.3.97 Liferay DXP 2023.Q3 before patch 6 Liferay DXP 7.4 GA through update 92 Liferay DXP 7.3 before update 34 **Description** A reflected cross-site scripting (XSS) issue exists on the add assignees to a role page, allowing remote attackers to inject arbitrary web script or HTML via the ` com liferay roles admin web portlet RolesAdminPortlet tabs2` parameter. This enables attackers to execute malicious scripts on the victim's browser. **Recommendations** For Liferay Portal versions 7.3.3 through 7.4.3.97, update to a version outside of this range to resolve the issue. For Liferay DXP 2023.Q3, apply patch 6 or later. For Liferay DXP 7.4 GA, apply update 93 or later. For Liferay DXP 7.3, apply update 35 or later. As a temporary workaround, consider restricting access to the add assignees to a role page until a patch is applied. Avoid using the ` com liferay roles admin web portlet RolesAdminPortlet tabs2` parameter in the affected page until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Liferay Portal versions 7.4.3.8 through 7.4.3.97 Liferay DXP 2023.Q3 before patch 5 Liferay DXP versions 7.4 update 4 through 92 **Description** A reflected cross-site scripting (XSS) issue exists in the Language Override edit screen, allowing remote attackers to inject arbitrary web script or HTML via the ` com liferay portal language override web internal portlet PLOPortlet key` parameter. This enables attackers to execute malicious code on the victim's browser. **Recommendations** For Liferay Portal versions 7.4.3.8 through 7.4.3.97, update to a version outside of this range to resolve the issue. For Liferay DXP 2023.Q3, apply patch 5 to fix the vulnerability. For Liferay DXP versions 7.4 update 4 through 92, update to a version outside of this range or apply the necessary patch to resolve the issue. As a temporary workaround, consider restricting access to the Language Override edit screen until a patch is available. Avoid using the ` com liferay portal language override web internal portlet PLOPortlet key` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Liferay Portal versions 7.4.3.44 through 7.4.3.97 Liferay DXP 2023.Q3 before patch 6 Liferay DXP versions 7.4 update 44 through 92 **Description** A reflected cross-site scripting (XSS) issue exists in the instance settings for Accounts, allowing remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the `Blocked Email Domains` text field. This enables attackers to execute malicious scripts on the victim's browser. **Recommendations** For Liferay Portal versions 7.4.3.44 through 7.4.3.97, update to a version outside of this range to resolve the issue. For Liferay DXP 2023.Q3, apply patch 6 or later to fix the vulnerability. For Liferay DXP versions 7.4 update 44 through 92, update to a version outside of this range or apply the necessary patch to resolve the issue. As a temporary workaround, consider restricting access to the `Blocked Email Domains` text field in the instance settings for Accounts until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Liferay DXP versions 7.4 GA through update 92 Liferay DXP 2023.Q3 before patch 6 **Description** The issue allows remote attackers to redirect users to arbitrary external URLs via the ` com liferay adaptive media web portlet AMPortlet redirect` parameter in the adaptive media administration page. **Recommendations** For Liferay DXP versions 7.4 GA through update 92, update to a version after update 92 to resolve the issue. For Liferay DXP 2023.Q3 before patch 6, apply patch 6 to fix the problem. As a temporary workaround, consider restricting access to the ` com liferay adaptive media web portlet AMPortlet redirect` parameter in the adaptive media administration page until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Liferay Portal versions 7.4.3.45 through 7.4.3.101 Liferay DXP 2023.Q3 before patch 6 Liferay DXP versions 7.4 update 45 through 92 **Description** The issue is an open redirect vulnerability in the Countries Management’s edit region page. This allows remote attackers to redirect users to arbitrary external URLs via the ` com liferay address web internal portlet CountriesManagementAdminPortlet redirect` parameter. **Recommendations** For Liferay Portal versions 7.4.3.45 through 7.4.3.101, update to a version outside of this range to resolve the issue. For Liferay DXP 2023.Q3, apply patch 6 to fix the vulnerability. For Liferay DXP versions 7.4 update 45 through 92, update to a version outside of this range or apply the necessary patch. As a temporary workaround, consider restricting access to the ` com liferay address web internal portlet CountriesManagementAdminPortlet redirect` parameter in the affected API endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Liferay Portal versions 7.4.3.4 through 7.4.3.85 Liferay DXP 7.4 before update 86 **Description** A reflected cross-site scripting (XSS) issue exists on the Export for Translation page, allowing remote attackers to inject arbitrary web script or HTML via the ` com liferay translation web internal portlet TranslationPortlet redirect` parameter. This enables attackers to execute malicious scripts in the context of the victim's browser. **Recommendations** For Liferay Portal versions 7.4.3.4 through 7.4.3.85, update to a version after 7.4.3.85 to resolve the issue. For Liferay DXP 7.4 before update 86, apply update 86 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the Export for Translation page and the ` com liferay translation web internal portlet TranslationPortlet redirect` parameter until a patch is available.