Description
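Multiple cross-site scripting (XSS) vulnerabilities in the OAuth2ProviderApplicationRedirect class of the Plugin for OAuth 2.0 module in Liferay Portal 7.4.3.41 through 7.4.3.52 and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code or (2) error parameter. The records below rate the issue CVSS 3.1 6.1 (Medium) with user interaction required, and give Liferay Portal 7.4.3.53 as the first fixed release; no fixed DXP update is named on this page.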
Affected Software
Related
{"id": "GHSA-MVFV-W3FQ-XP67", "vendorId": null, "type": "github", "bulletinFamily": "software", "title": "Cross-site scripting in Liferay Portal", "description": "Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.", "published": "2023-05-24T15:30:27", "modified": "2023-05-24T18:04:31", "epss": [{"cve": "CVE-2023-33941", "epss": 0.00059, "percentile": 0.23102, "modified": "2023-07-23"}], "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE", "baseScore": 5.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 4.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "href": "https://github.com/advisories/GHSA-mvfv-w3fq-xp67", "reporter": "GitHub Advisory Database", "references": ["https://nvd.nist.gov/vuln/detail/CVE-2023-33941", "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33941", "https://github.com/advisories/GHSA-mvfv-w3fq-xp67"], "cvelist": 
["CVE-2023-33941"], "immutableFields": [], "lastseen": "2023-07-24T08:16:23", "viewCount": 5, "enchantments": {"score": {"value": 6.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2023-33941"]}, {"type": "nessus", "idList": ["LIFERAY_7_4_3_53_CVE-2023-39941.NASL"]}, {"type": "osv", "idList": ["OSV:GHSA-MVFV-W3FQ-XP67"]}, {"type": "veracode", "idList": ["VERACODE:40776"]}]}, "vulnersScore": 6.0}, "_state": {"score": 1690188191, "dependencies": 1690188423}, "_internal": {"score_hash": "fe79fb893b42ff14a012bdb30f4b4a18"}, "affectedSoftware": [{"version": "7.4.3.53", "operator": "lt", "ecosystem": "MAVEN", "name": "com.liferay.portal:release.portal.bom"}]}
{"prion": [{"lastseen": "2023-08-15T14:39:17", "description": "Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2023-05-24T15:15:00", "type": "prion", "title": "CVE-2023-33941", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-33941"], "modified": "2023-05-31T19:11:00", "id": "PRION:CVE-2023-33941", "href": "https://kb.prio-n.com/vulnerability/CVE-2023-33941", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "veracode": [{"lastseen": "2023-07-24T08:29:45", "description": "com.liferay.oauth2.provider.service is vulnerable to Cross-site Scripting (XSS). 
The vulnerability exists in the OAuth 2.0 module's `OAuth2ProviderApplicationRedirect` class in the library, which allows an attacker to inject and execute malicious web script or HTML via the `code` or `error` parameters.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2023-06-03T10:26:37", "type": "veracode", "title": "Cross-site Scripting (XSS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-33941"], "modified": "2023-06-07T20:17:53", "id": "VERACODE:40776", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-40776/summary", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "osv": [{"lastseen": "2023-05-24T18:32:24", "description": "Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.", "cvss3": {}, "published": "2023-05-24T15:30:27", "type": "osv", "title": "Cross-site 
scripting in Liferay Portal", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2023-33941"], "modified": "2023-05-24T18:32:16", "id": "OSV:GHSA-MVFV-W3FQ-XP67", "href": "https://osv.dev/vulnerability/GHSA-mvfv-w3fq-xp67", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2023-06-29T13:12:03", "description": "Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-05-26T00:00:00", "type": "nessus", "title": "Liferay Portal 7.4.3.41 <= 7.4.3.52 Reflected XSS", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2023-33941"], "modified": "2023-06-22T00:00:00", "cpe": ["cpe:/a:liferay:liferay_portal"], "id": "LIFERAY_7_4_3_53_CVE-2023-39941.NASL", "href": "https://www.tenable.com/plugins/nessus/176413", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(176413);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/06/22\");\n\n script_cve_id(\"CVE-2023-33941\");\n script_xref(name:\"IAVA\", value:\"2023-A-0267-S\");\n\n script_name(english:\"Liferay Portal 7.4.3.41 <= 7.4.3.52 Reflected XSS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application running on a remote web server host is affected by a cross-site scripting vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's \nOAuth2ProviderApplicationRedirect class in Liferay Portal allow remote attackers to inject arbitrary web script or \nHTML via the (1) code, or (2) error 
parameter.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33941?_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_assetEntryId=121810594&_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_redirect=https%3A%2F%2Fliferay.dev%3A443%2Fportal%2Fsecurity%2Fknown-vulnerabilities%3Fp_p_id%3Dcom_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt%26p_p_lifecycle%3D0%26p_p_state%3Dnormal%26p_p_mode%3Dview%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_assetEntryId%3D121810594%26_com_liferay_asset_publisher_web_portlet_AssetPublisherPortlet_INSTANCE_jekt_cur%3D0%26p_r_p_resetCur%3Dfalse\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?42303b39\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Liferay Portal 7.4.3.53 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2023-33941\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2023/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/05/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/05/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:liferay:liferay_portal\");\n script_set_attribute(attribute:\"stig_severity\", 
value:\"I\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"liferay_detect.nasl\");\n script_require_keys(\"installed_sw/liferay_portal\");\n script_require_ports(\"Services/www\", 8080);\n\n exit(0);\n}\ninclude('http.inc');\ninclude('vcf.inc');\n\nvar port = get_http_port(default:8080);\nvar app_info = vcf::get_app_info(app:'liferay_portal', webapp:TRUE, port:port);\n\nvar constraints = [\n { 'min_version':'7.4.3.41', 'fixed_version':'7.4.3.53' }\n];\n\nvcf::check_version_and_report(\n app_info:app_info, \n constraints:constraints,\n severity:SECURITY_WARNING,\n flags:{'xss':TRUE} \n);", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2023-07-24T06:23:33", "description": "Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2023-05-24T15:15:00", "type": "cve", "title": "CVE-2023-33941", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, 
"cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2023-33941"], "modified": "2023-05-31T19:11:00", "cpe": ["cpe:/a:liferay:digital_experience_platform:7.4", "cpe:/a:liferay:liferay_portal:7.4.3.52"], "id": "CVE-2023-33941", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33941", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:liferay:liferay_portal:7.4.3.52:*:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*"]}]}