Stored Cross-Site Scripting Vulnerability in Liferay Portal and DXP Products
CVE-2023-44310

9CRITICAL

Key Information:

Vendor

Liferay

Status
Vendor
CVE Published:
17 October 2023

What is CVE-2023-44310?

A stored cross-site scripting (XSS) vulnerability has been identified in Liferay Portal and Liferay DXP, specifically affecting versions 7.3.6 through 7.4.3.78 and 7.3 fix pack 1 through update 23, as well as 7.4 prior to update 79. This vulnerability allows remote attackers to inject malicious web scripts or HTML into the page's 'Name' text field using a specially crafted payload.

Affected Version(s)

DXP 7.3.10.sp1 <= 7.3.10.u23

DXP 7.4.13 <= 7.4.13.u78

Portal 7.3.6 <= 7.4.3.78

References

CVSS V3.1

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.