Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App’s IFrame URL.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable Inc.
##
include('compat.inc');
if (description)
{
script_id(176449);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/06/22");
script_cve_id("CVE-2023-33940");
script_xref(name:"IAVA", value:"2023-A-0267-S");
script_name(english:"Liferay Portal 7.4.0 < 7.4.3.31 XSS");
script_set_attribute(attribute:"synopsis", value:
"An application running on a remote web server host is affected by a cross-site scripting vulnerability");
script_set_attribute(attribute:"description", value:
"Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and
Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's
IFrame URL.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33940
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e32efb98");
script_set_attribute(attribute:"solution", value:
"Upgrade to Liferay Portal 7.4.3.31 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-33940");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/24");
script_set_attribute(attribute:"patch_publication_date", value:"2023/05/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/29");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:liferay:liferay_portal");
script_set_attribute(attribute:"stig_severity", value:"I");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses : XSS");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("liferay_detect.nasl");
script_require_keys("installed_sw/liferay_portal");
script_require_ports("Services/www", 8080);
exit(0);
}
include('http.inc');
include('vcf.inc');
var port = get_http_port(default:8080);
var app_info = vcf::get_app_info(app:'liferay_portal', webapp:TRUE, port:port);
var constraints = [ { 'min_version' : '7.4.0', 'fixed_version' : '7.4.3.31' } ];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_WARNING,
flags:{'xss':TRUE}
);
Vendor | Product | Version | CPE |
---|---|---|---|
liferay | liferay_portal | cpe:/a:liferay:liferay_portal |