Lucene search

Veracode Vulnerability DatabaseVERACODE:44415

HistoryNov 28, 2023 - 7:51 a.m.

Cross-site Scripting (XSS)

2023-11-2807:51:08

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

liferay portal

user input

validated

parameter

malicious javascript

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.4%

JSON

com.liferay.portal is vulnerable to Cross-Site Scripting. The vulnerability exists due to a lack of user input validated in the p_l_back_url_title parameter, which allows an attacker to inject and execute malicious JavaScript.

CPENameOperatorVersion
com.liferay.portalle7.4.3.95
com.liferay.portalle7.4.3.95

CPE	Name	Operator	Version
	com.liferay.portal	le	7.4.3.95
	com.liferay.portal	le	7.4.3.95

9.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.4%

JSON

Related for VERACODE:44415