Lucene search

K
cve[email protected]CVE-2023-33939
HistoryMay 24, 2023 - 2:15 p.m.

CVE-2023-33939

2023-05-2414:15:09
CWE-79
web.nvd.nist.gov
37
cve-2023-33939
cross-site scripting
xss
liferay portal
security vulnerability
nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

22.8%

Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label.

Affected configurations

NVD
Node
liferaydigital_experience_platformMatch7.1-
OR
liferaydigital_experience_platformMatch7.1fix_pack_1
OR
liferaydigital_experience_platformMatch7.1fix_pack_10
OR
liferaydigital_experience_platformMatch7.1fix_pack_11
OR
liferaydigital_experience_platformMatch7.1fix_pack_12
OR
liferaydigital_experience_platformMatch7.1fix_pack_13
OR
liferaydigital_experience_platformMatch7.1fix_pack_14
OR
liferaydigital_experience_platformMatch7.1fix_pack_15
OR
liferaydigital_experience_platformMatch7.1fix_pack_16
OR
liferaydigital_experience_platformMatch7.1fix_pack_17
OR
liferaydigital_experience_platformMatch7.1fix_pack_18
OR
liferaydigital_experience_platformMatch7.1fix_pack_19
OR
liferaydigital_experience_platformMatch7.1fix_pack_2
OR
liferaydigital_experience_platformMatch7.1fix_pack_20
OR
liferaydigital_experience_platformMatch7.1fix_pack_21
OR
liferaydigital_experience_platformMatch7.1fix_pack_22
OR
liferaydigital_experience_platformMatch7.1fix_pack_23
OR
liferaydigital_experience_platformMatch7.1fix_pack_24
OR
liferaydigital_experience_platformMatch7.1fix_pack_25
OR
liferaydigital_experience_platformMatch7.1fix_pack_26
OR
liferaydigital_experience_platformMatch7.1fix_pack_3
OR
liferaydigital_experience_platformMatch7.1fix_pack_4
OR
liferaydigital_experience_platformMatch7.1fix_pack_5
OR
liferaydigital_experience_platformMatch7.1fix_pack_6
OR
liferaydigital_experience_platformMatch7.1fix_pack_7
OR
liferaydigital_experience_platformMatch7.1fix_pack_8
OR
liferaydigital_experience_platformMatch7.1fix_pack_9
OR
liferaydigital_experience_platformMatch7.2-
OR
liferaydigital_experience_platformMatch7.2fix_pack_1
OR
liferaydigital_experience_platformMatch7.2fix_pack_10
OR
liferaydigital_experience_platformMatch7.2fix_pack_11
OR
liferaydigital_experience_platformMatch7.2fix_pack_12
OR
liferaydigital_experience_platformMatch7.2fix_pack_13
OR
liferaydigital_experience_platformMatch7.2fix_pack_14
OR
liferaydigital_experience_platformMatch7.2fix_pack_15
OR
liferaydigital_experience_platformMatch7.2fix_pack_16
OR
liferaydigital_experience_platformMatch7.2fix_pack_2
OR
liferaydigital_experience_platformMatch7.2fix_pack_3
OR
liferaydigital_experience_platformMatch7.2fix_pack_4
OR
liferaydigital_experience_platformMatch7.2fix_pack_5
OR
liferaydigital_experience_platformMatch7.2fix_pack_6
OR
liferaydigital_experience_platformMatch7.2fix_pack_7
OR
liferaydigital_experience_platformMatch7.2fix_pack_8
OR
liferaydigital_experience_platformMatch7.2fix_pack_9
OR
liferaydigital_experience_platformMatch7.3-
OR
liferaydigital_experience_platformMatch7.3fix_pack_1
OR
liferaydigital_experience_platformMatch7.3fix_pack_2
OR
liferaydigital_experience_platformMatch7.4-
OR
liferaydigital_experience_platformMatch7.4update1
OR
liferayliferay_portalRange7.1.07.4.3.12

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Portal",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.3.12",
        "status": "affected",
        "version": "7.1.0",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "DXP",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.1.10-dxp-26",
        "status": "affected",
        "version": "7.1.10",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "7.2.10-dxp-17",
        "status": "affected",
        "version": "7.2.10",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "7.3.10-sp3",
        "status": "affected",
        "version": "7.3.10",
        "versionType": "maven"
      },
      {
        "lessThanOrEqual": "7.4.13.u8",
        "status": "affected",
        "version": "7.4.13",
        "versionType": "maven"
      }
    ]
  }
]

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

22.8%