Veracode Vulnerability DatabaseVERACODE:40797Cross-site Scripting (XSS)
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
0.0005 Low
EPSS
Percentile
16.7%
com.liferay.client.extension.type.impl is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the IFrame-type remote apps in the library because it does not properly escape the URL fields, which allows an attacker to inject and execute malicious JavaScript through the remote app’s IFrame URL.
| CPE | Name | Operator | Version |
|---|---|---|---|
| com.liferay.client.extension.type.impl | le | 1.0.5 | |
| com.liferay.client.extension.type.impl | le | 1.0.5 |
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
0.0005 Low
EPSS
Percentile
16.7%