Lucene search

K
cve[email protected]CVE-2023-33937
HistoryMay 24, 2023 - 1:15 p.m.

CVE-2023-33937

2023-05-2413:15:09
CWE-79
web.nvd.nist.gov
18
cve-2023-33937
stored xss
liferay portal
liferay dxp
remote attack
web script injection

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

22.8%

Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form’s name field.

Affected configurations

NVD
Node
liferaydigital_experience_platformMatch7.1-
OR
liferaydigital_experience_platformMatch7.1fix_pack_1
OR
liferaydigital_experience_platformMatch7.1fix_pack_10
OR
liferaydigital_experience_platformMatch7.1fix_pack_11
OR
liferaydigital_experience_platformMatch7.1fix_pack_12
OR
liferaydigital_experience_platformMatch7.1fix_pack_13
OR
liferaydigital_experience_platformMatch7.1fix_pack_14
OR
liferaydigital_experience_platformMatch7.1fix_pack_15
OR
liferaydigital_experience_platformMatch7.1fix_pack_16
OR
liferaydigital_experience_platformMatch7.1fix_pack_17
OR
liferaydigital_experience_platformMatch7.1fix_pack_2
OR
liferaydigital_experience_platformMatch7.1fix_pack_20
OR
liferaydigital_experience_platformMatch7.1fix_pack_21
OR
liferaydigital_experience_platformMatch7.1fix_pack_22
OR
liferaydigital_experience_platformMatch7.1fix_pack_23
OR
liferaydigital_experience_platformMatch7.1fix_pack_24
OR
liferaydigital_experience_platformMatch7.1fix_pack_25
OR
liferaydigital_experience_platformMatch7.1fix_pack_26
OR
liferaydigital_experience_platformMatch7.1fix_pack_3
OR
liferaydigital_experience_platformMatch7.1fix_pack_4
OR
liferaydigital_experience_platformMatch7.1fix_pack_5
OR
liferaydigital_experience_platformMatch7.1fix_pack_6
OR
liferaydigital_experience_platformMatch7.1fix_pack_7
OR
liferaydigital_experience_platformMatch7.1fix_pack_8
OR
liferaydigital_experience_platformMatch7.1fix_pack_9
OR
liferaydigital_experience_platformMatch7.2-
OR
liferaydigital_experience_platformMatch7.2fix_pack_1
OR
liferaydigital_experience_platformMatch7.2fix_pack_2
OR
liferaydigital_experience_platformMatch7.2fix_pack_3
OR
liferaydigital_experience_platformMatch7.2fix_pack_4
OR
liferayliferay_portalRange7.1.07.3.1

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Portal",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.3.0",
        "status": "affected",
        "version": "7.1.0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "DXP",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.1.10-dxp-17",
        "status": "affected",
        "version": "7.1.10",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "7.2.10-dxp-4",
        "status": "affected",
        "version": "7.2.10",
        "versionType": "maven"
      }
    ]
  }
]

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

22.8%

Related for CVE-2023-33937