CVE-2023-42498

Опубликовано: 21 фев. 2024

Источник: nvd

CVSS3: 9.6

CVSS3: 6.1

EPSS Низкий

Описание

Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_key parameter.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*

Версия от 7.4.3.8 (включая) до 7.4.3.98 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:liferay:digital_experience_platform:7.4:update10:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update11:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update12:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update13:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update14:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update15:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update16:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update17:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update18:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update19:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update20:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update22:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update23:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update24:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update25:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update26:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update27:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update28:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update29:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update30:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update31:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update32:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update33:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update35:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update37:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update38:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update39:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update4:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update40:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update42:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update43:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update44:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update45:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update46:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update47:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update49:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update5:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update51:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update53:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update54:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update55:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update56:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update57:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update58:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update59:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update6:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update60:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update61:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update63:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update64:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update65:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update66:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update68:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update69:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update7:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update70:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update71:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update72:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update73:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update74:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update75:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update77:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update78:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update79:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update8:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update80:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update86:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update87:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update88:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update89:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update9:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update90:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update91:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update92:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.0:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.1:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.2:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.3:*:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:2023.q3.4:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00377

Низкий

9.6 Critical

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-73x3-8mrg-5r93

CVSS3: 9.6

github

почти 2 года назад

Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting

EPSS

Процентиль: 59%

0.00377

Низкий

9.6 Critical

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-79