3 matches found
CVE-2023-37940
Cross-site scripting XSS vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted...
CVE-2023-37940
creationtimestamp| type| source ---|---|--- 2024-12-17 21:32:23+00:00| seen| https://infosec.exchange/users/cve/statuses/113670300799021960 2024-12-18 00:18:46+00:00| seen| https://t.me/cvedetector/13141...
CVE-2023-37940
This CVE refers to a Cross-site Scripting (XSS) vulnerability in the Service Access Policy edit page of Liferay Portal and Liferay DXP. A crafted payload placed in the Service Class field can inject script/HTML, affecting Liferay Portal versions 7.0.0–7.4.3.87 and Liferay DXP 7.4 GA–update 87, an...