EUVD-2023-1472

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Cross-site scripting vulnerability in Liferay Portal allows remote script injection via facet label.

Reporter	Title	Published	Views	Family All 14
CNNVD	Liferay Portal和Liferay DXP 跨站脚本漏洞	24 May 202300:00	–	cnnvd
CVE	CVE-2023-33939	24 May 202313:41	–	cve
Cvelist	CVE-2023-33939	24 May 202313:41	–	cvelist
Github Security Blog	Cross-site scripting in Liferay Portal	24 May 202315:30	–	github
Tenable Nessus	Liferay Portal 7.1.0 - 7.1.3, 7.2.0 - 7.2.1, 7.3.0 - 7.3.7, 7.4.0 - 7.4.3.12 XSS	25 May 202300:00	–	nessus
NVD	CVE-2023-33939	24 May 202314:15	–	nvd
OSV	BIT-LIFERAY-2023-33939	31 Jan 202415:18	–	osv
OSV	CVE-2023-33939	24 May 202314:15	–	osv
OSV	GHSA-53MW-69QX-Q4FC Cross-site scripting in Liferay Portal	24 May 202315:30	–	osv
Prion	Cross site scripting	24 May 202314:15	–	prion

[
  {
    "enisaIdVendor": [
      {
        "id": "23878d40-f1cb-3642-b9fe-55ce2f682937",
        "vendor": {
          "name": "Liferay"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "2af57bd5-8137-3f1d-9937-704c1a66bf22",
        "product": {
          "name": "DXP"
        },
        "product_version": "7.3.10 ≤7.3.10-sp3"
      },
      {
        "id": "62a426ec-f109-3b07-87b7-c2bd87b32d0d",
        "product": {
          "name": "DXP"
        },
        "product_version": "7.2.10 ≤7.2.10-dxp-17"
      },
      {
        "id": "ae5b2b7c-b0d6-3249-ab4a-e9472d8f6820",
        "product": {
          "name": "DXP"
        },
        "product_version": "7.1.10 ≤7.1.10-dxp-26"
      },
      {
        "id": "ce4e82fa-43fd-3ecf-a705-024ce2022aa3",
        "product": {
          "name": "Portal"
        },
        "product_version": "7.1.0 ≤7.4.3.12"
      },
      {
        "id": "dd385260-63b6-3b01-9f56-77bbca19acc3",
        "product": {
          "name": "DXP"
        },
        "product_version": "7.4.13 ≤7.4.13.u8"
      }
    ]
  }
]

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-33939
github	www.github.com/liferay/liferay-portal
liferay	www.liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33939

03 Oct 2025 20:07Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.15.4

EPSS0.00296

SSVC