Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Liferay Portal and Liferay DXP Vulnerable to XSS in the Fragment Components

🗓️ 17 Oct 2023 09:30:23Reported by GitHub Advisory DatabaseType 
github
 github🔗 github.com👁 1 Views

Stored XSS in Liferay Portal and DXP fragment components enables remote script injection via non hypertext fields.

Related
Detection
Refs
ReporterTitlePublishedViews
Family
CNNVD		Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerabilities
17 Oct 202300:00
cnnvd
CVE		CVE-2023-44309
17 Oct 202308:23
cve
Cvelist		CVE-2023-44309
17 Oct 202308:23
cvelist
EUVD		EUVD-2023-48665
3 Oct 202520:07
euvd
NVD		CVE-2023-44309
17 Oct 202309:15
nvd
OSV		BIT-2023-44309
25 Oct 202306:20
osv
OSV		BIT-LIFERAY-2023-44309
31 Jan 202415:16
osv
OSV		CVE-2023-44309
17 Oct 202309:15
osv
OSV		GHSA-J663-6JPJ-XX8C Liferay Portal and Liferay DXP Vulnerable to XSS in the Fragment Components
17 Oct 202309:30
osv
Prion		Cross site scripting
17 Oct 202309:15
prion
Rows per page
Vulners
Node
com.liferay.portalrelease.dxp.bomRange7.4.07.4.13.u54maven
OR
com.liferaycom.liferay.fragment.entry.processor.implRange<3.0.25maven
SourceLink
nvdwww.nvd.nist.gov/vuln/detail/CVE-2023-44309
liferaywww.liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44309
githubwww.github.com/liferay/liferay-portal/commit/1287c68486d60b87179995d8b8bd530031300a47
githubwww.github.com/liferay/liferay-portal/commit/28f8a7aabccce45e9d60cfb0cf63fc53c99b0d26
githubwww.github.com/liferay/liferay-portal/commit/9031a7a03e5891e7ccf762011fe8bcc2e433b1db
githubwww.github.com/liferay/liferay-portal/commit/ba628735cfae8656ab4243ecffce260413ed2460
githubwww.github.com/liferay/liferay-portal/commit/d70fecd2c5709d8dd5f4992b408a640ce912001b
githubwww.github.com/liferay/liferay-portal/commit/e45bf2d00ed7f95f02702a1da3e4115ab30b1bff
githubwww.github.com/liferay/liferay-portal/commit/ed856dd9e2947e3e660d7cfbdb8c604b296db790
githubwww.github.com/advisories/GHSA-j663-6jpj-xx8c
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
08 Aug 2025 21:14Current
5.3Medium risk
Vulners AI Score5.3
CVSS 3.15.4 - 9
EPSS0.00199
SSVC
CWE-79
liferay portalliferay dxpstored xssfragment componentsnon hypertext fields
1