Reflected XSS Vulnerability in Liferay Portal and Liferay DXP
CVE-2023-42497
9.6CRITICAL
What is CVE-2023-42497?
The reflected XSS vulnerability in Liferay Portal versions 7.4.3.4 to 7.4.3.85 and Liferay DXP version 7.4 prior to update 86 allows remote attackers to exploit the vulnerable TranslationPortlet_redirect
parameter. Successful exploitation enables attackers to inject arbitrary web scripts or HTML, potentially compromising the integrity and security of the affected applications. Organizations using these versions should prioritize updates to mitigate this vulnerability.
Affected Version(s)
DXP 7.4.13 <= 7.4.13.u85
Portal 7.4.3.4 <= 7.4.3.85