Liferay Portal vulnerable to reflected XSS
CVE-2023-40191
6.1MEDIUM
What is CVE-2023-40191?
A reflected cross-site scripting vulnerability exists in Liferay Portal and Liferay DXP that enables remote attackers to exploit the 'Blocked Email Domains' input field. By crafting a malicious payload, attackers can inject arbitrary scripts or HTML, potentially leading to various forms of attacks on users. This vulnerability affects multiple releases of Liferay Portal from version 7.4.3.44 through 7.4.3.97, as well as Liferay DXP 2023.Q3 prior to patch number 6. Effective remediation measures should be employed to prevent exploitation.
Affected Version(s)
DXP 2023.q3.1 <= 2023.q3.5
DXP 7.4.13.u44 <= 7.4.13.u92
Portal 7.4.3.44 <= 7.4.3.97