PT-2023-24584 · Liferay · Liferay Dxp+1

Published: 2023-05-24 · Updated: 2024-01-31 · CVE-2023-33942

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Liferay Portal version 7.4.3.50
Liferay DXP 7.4 update 50

Description

A cross-site scripting (XSS) issue exists in the Web Content Display widget's article selector, allowing remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's Title field.

Recommendations

For Liferay Portal version 7.4.3.50, consider disabling the Web Content Display widget until a patch is available. For Liferay DXP 7.4 update 50, restrict access to the article selector in the Web Content Display widget to minimize the risk of exploitation. Avoid using the Title field in web content articles until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

BIT-LIFERAY-2023-33942
CVE-2023-33942
GHSA-WV99-WMPF-JRQR

Affected Products

Liferay Dxp
Liferay Portal