Lucene search

[email protected]CVE-2023-42629

HistoryOct 17, 2023 - 9:15 a.m.

CVE-2023-42629

2023-10-1709:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-42629

stored xss

liferay portal

nvd

vulnerability

security

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

20.6%

JSON

Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Vocabulary’s ‘description’ text field.

Affected configurations

NVD

Node

liferaydigital_experience_platformMatch7.4-

liferaydigital_experience_platformMatch7.4update1

liferaydigital_experience_platformMatch7.4update21

liferaydigital_experience_platformMatch7.4update34

liferaydigital_experience_platformMatch7.4update36

liferaydigital_experience_platformMatch7.4update41

liferaydigital_experience_platformMatch7.4update48

liferaydigital_experience_platformMatch7.4update50

liferaydigital_experience_platformMatch7.4update52

liferaydigital_experience_platformMatch7.4update62

liferaydigital_experience_platformMatch7.4update67

liferaydigital_experience_platformMatch7.4update76

liferaydigital_experience_platformMatch7.4update81

liferaydigital_experience_platformMatch7.4update82

liferaydigital_experience_platformMatch7.4update83

liferaydigital_experience_platformMatch7.4update84

liferaydigital_experience_platformMatch7.4update85

liferaydigital_experience_platformMatch7.4update86

liferayliferay_portalRange7.4.2–7.4.3.88

CPENameOperatorVersion
liferay:digital_experience_platformliferay digital experience platformeq7.4
liferay:liferay_portalliferay liferay portallt7.4.3.88

CPE	Name	Operator	Version
liferay:digital_experience_platform	liferay digital experience platform	eq	7.4
liferay:liferay_portal	liferay liferay portal	lt	7.4.3.88

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "DXP",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.13.u87",
        "status": "affected",
        "version": "7.4.13",
        "versionType": "maven"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Portal",
    "vendor": "Liferay",
    "versions": [
      {
        "lessThanOrEqual": "7.4.3.87",
        "status": "affected",
        "version": "7.4.2",
        "versionType": "maven"
      }
    ]
  }
]