Stored Cross-Site Scripting Vulnerability in Liferay Portal and DXP Products
CVE-2023-44310
9CRITICAL
What is CVE-2023-44310?
A stored cross-site scripting (XSS) vulnerability has been identified in Liferay Portal and Liferay DXP, specifically affecting versions 7.3.6 through 7.4.3.78 and 7.3 fix pack 1 through update 23, as well as 7.4 prior to update 79. This vulnerability allows remote attackers to inject malicious web scripts or HTML into the page's 'Name' text field using a specially crafted payload.
Affected Version(s)
DXP 7.3.10.sp1 <= 7.3.10.u23
DXP 7.4.13 <= 7.4.13.u78
Portal 7.3.6 <= 7.4.3.78