CVE-2023-42629

Опубликовано: 17 окт. 2023

Источник: nvd

CVSS3: 9

CVSS3: 5.4

EPSS Низкий

Описание

Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Vocabulary's 'description' text field.

Ссылки

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42629
Vendor Advisory
https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal/
Exploit
Third Party Advisory
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42629
Vendor Advisory
https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-liferay-portal/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:*

cpe:2.3:a:liferay:digital_experience_platform:7.4:update86:*:*:*:*:*:*

cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*

Версия от 7.4.2 (включая) до 7.4.3.88 (исключая)

EPSS

Процентиль: 43%

0.00208

Низкий

9 Critical

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-g44j-f8wm-6622

CVSS3: 9

github

больше 2 лет назад

Liferay Portal and Liferay DXP Vulnerable to Stored XSS in the Manage Vocabulary Page

EPSS

Процентиль: 43%

0.00208

Низкий

9 Critical

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79