PT-2023-24583 · Liferay · Plugin For Oauth 2.0 (+2 more affected products)

Published

2023-05-24

·

Updated

2024-01-31

·

CVE-2023-33941

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Liferay Portal versions 7.4.3.41 through 7.4.3.52
Liferay DXP 7.4 update 41 through 52

Description

The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the OAuth2ProviderApplicationRedirect class of the Plugin for OAuth 2.0 module. The values of the code and error request parameters (the parameters an OAuth 2.0 authorization server returns on the redirect URI) are written into the response without adequate output encoding, so a remote attacker who gets a victim to open a crafted link can inject arbitrary web script or HTML into the page. The vector reflects this: no authentication is required (PR:N), a victim must follow the link (UI:R), and the script runs in the victim's browser in the context of the portal (S:C).

Recommendations

For Liferay Portal versions 7.4.3.41 through 7.4.3.52, upgrade to a release later than 7.4.3.52. For Liferay DXP 7.4 update 41 through 52, upgrade to an update later than update 52. If an immediate upgrade is not possible, restrict access to the redirect endpoint served by OAuth2ProviderApplicationRedirect until the upgrade is applied, for example by rejecting at a reverse proxy or WAF any request to that endpoint whose code or error parameter contains HTML markup characters. Do not simply strip the parameters: the authorization code flow legitimately carries them, and a real authorization code or OAuth error code is an opaque token that never needs angle brackets or quotes.
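The following is an added example and not Liferay's code: a minimal model of an OAuth 2.0 redirect endpoint that reflects the code and error query parameters into an HTML page, shown first in the vulnerable form the description above implies and then in a hardened form, together with a probe that tells the two apart the way a scanner or a post-upgrade check would. The handler path, the page markup, the probe payload and the canary string are all invented for illustration; the real OAuth2ProviderApplicationRedirect class, its URL and its templates are not described on this page.

```python
"""
Added example, not Liferay's code: model of a redirect endpoint that
reflects the `code` and `error` OAuth 2.0 parameters into HTML.

Assumptions (hypothetical, not from the advisory): the page markup, the
canary value and the probe payload below are constructed for this demo.
"""
import html
from urllib.parse import parse_qs, quote


def _params(query: str) -> tuple[str, str]:
    """Return (code, error) from a raw query string, as the browser sent them."""
    params = parse_qs(query, keep_blank_values=True)
    return params.get("code", [""])[0], params.get("error", [""])[0]


def render_vulnerable(query: str) -> str:
    """Reflect code/error straight into markup: the pattern behind CVE-2023-33941.

    Anything the attacker puts in the link becomes part of the page.
    """
    code, error = _params(query)
    return (
        "<html><body>"
        f"<p>Authorization code: {code}</p>"
        f"<p>Error: {error}</p>"
        "</body></html>"
    )


def render_hardened(query: str) -> str:
    """Same page, but each reflected value is escaped for an HTML text context.

    html.escape(..., quote=True) neutralises < > & " and ', which covers both
    element content and attribute values; legitimate opaque codes pass through
    unchanged because they never contain those characters.
    """
    code, error = _params(query)
    return (
        "<html><body>"
        f"<p>Authorization code: {html.escape(code, quote=True)}</p>"
        f"<p>Error: {html.escape(error, quote=True)}</p>"
        "</body></html>"
    )


# Constructed probe: a unique canary wrapped in markup that would execute if
# reflected verbatim. The leading "> also breaks out of an attribute in case
# the value lands inside one rather than in element text.
CANARY = "ptx9q"
PAYLOAD = f'"><img src=x onerror=alert(\'{CANARY}\')>'
LIVE_MARKUP = f"<img src=x onerror=alert('{CANARY}')>"


def is_reflected_unescaped(handler, param: str) -> bool:
    """Send PAYLOAD in `param` and report whether it comes back as live markup.

    `handler` stands in for an HTTP request to the redirect endpoint; it is
    called with a URL-encoded query string exactly as a browser would send it.
    """
    body = handler(f"{param}={quote(PAYLOAD)}")
    return LIVE_MARKUP in body


def audit(handler) -> dict[str, bool]:
    """Probe both parameters named in the advisory; True means vulnerable."""
    return {p: is_reflected_unescaped(handler, p) for p in ("code", "error")}


if __name__ == "__main__":
    print("vulnerable handler:", audit(render_vulnerable))
    print("hardened handler:  ", audit(render_hardened))
```

Against a real deployment the same probe is a single GET to the redirect URI with the payload in code and then in error; a response that still contains the unescaped tag after the upgrade means the fix did not land, whereas the hardened output shows the payload only as `&lt;img ...`. Escaping at the output point is the durable fix; a WAF rule that blocks markup characters in these two parameters is a reasonable stopgap because valid authorization codes and error codes never contain them.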

Fix

Upgrade to a release outside the affected range (see Recommendations).

Weakness Enumeration

XSS (CWE-79: Improper Neutralization of Input During Web Page Generation)

Related Identifiers

BIT-liferay-2023-33941
CVE-2023-33941
GHSA-mvfv-w3fq-xp67

Affected Products

Liferay DXP
Liferay Portal
Plugin For Oauth 2.0