Liferay Portal 7.4.3.50 < 7.4.3.51 XSS

2023-05-2900:00:00

www.tenable.com

Cross-site scripting (XSS) vulnerability in the Web Content Display widget’s article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article’s Title field.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable Inc.
##

include('compat.inc');

if (description)
{
  script_id(176447);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/06/22");

  script_cve_id("CVE-2023-33942");
  script_xref(name:"IAVA", value:"2023-A-0267-S");

  script_name(english:"Liferay Portal 7.4.3.50 < 7.4.3.51 XSS");

  script_set_attribute(attribute:"synopsis", value:
"An application running on a remote web server host is affected by a cross-site scripting vulnerability");
  script_set_attribute(attribute:"description", value:
"Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay 
Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via 
a crafted payload injected into a web content article's Title field.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33942
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?916d24bd");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Liferay Portal 7.4.3.51 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-33942");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/05/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/29");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:liferay:liferay_portal");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses : XSS");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("liferay_detect.nasl");
  script_require_keys("installed_sw/liferay_portal");
  script_require_ports("Services/www", 8080);

  exit(0);
}
include('http.inc');
include('vcf.inc');

var port = get_http_port(default:8080);
var app_info = vcf::get_app_info(app:'liferay_portal', webapp:TRUE, port:port);

var constraints = [ { 'min_version' : '7.4.3.50', 'fixed_version' : '7.4.3.51' } ];

vcf::check_version_and_report(
  app_info:app_info, 
  constraints:constraints, 
  severity:SECURITY_WARNING,
  flags:{'xss':TRUE}
);

VendorProductVersionCPE
liferayliferay_portalcpe:/a:liferay:liferay_portal

Vendor	Product	Version	CPE
liferay	liferay_portal		cpe:/a:liferay:liferay_portal

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33942

www.nessus.org/u?916d24bd

JSON

Related for LIFERAY_7_4_3_51_CVE-2023-33942.NASL