Reflected XSS Vulnerability in Liferay Portal and Liferay DXP
CVE-2023-42497

9.6CRITICAL

Key Information:

Vendor

Liferay

Status
Vendor
CVE Published:
17 October 2023

What is CVE-2023-42497?

The reflected XSS vulnerability in Liferay Portal versions 7.4.3.4 to 7.4.3.85 and Liferay DXP version 7.4 prior to update 86 allows remote attackers to exploit the vulnerable TranslationPortlet_redirect parameter. Successful exploitation enables attackers to inject arbitrary web scripts or HTML, potentially compromising the integrity and security of the affected applications. Organizations using these versions should prioritize updates to mitigate this vulnerability.

Affected Version(s)

DXP 7.4.13 <= 7.4.13.u85

Portal 7.4.3.4 <= 7.4.3.85

References

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Amin ACHOUR
.