Headline
CVE-2023-44309: CVE-2023-44309 XSS with fragment components - Liferay
Multiple stored cross-site scripting (XSS) vulnerabilities in the fragment components in Liferay Portal 7.4.2 through 7.4.3.53, and Liferay DXP 7.4 before update 54 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into any non-HTML field of a linked source asset.
This website uses cookies to ensure you get the best experience. Learn More.
Accept
- Ask
- Blogs
- Chat
- Download
- Feedback
- Help
- Learn
- Projects
- /dev/24
- Log In
Known Vulnerabilities
- Overview
- Reporting Security Issues
- Known Vulnerabilities
- Hall of Fame
Releases
Liferay Portal 7.4
Liferay Portal 7.3
Liferay Portal 7.2
Liferay Portal 7.1
Liferay Portal 7.0
Liferay Portal 6.2 CE
Liferay Faces
Liferay DXP 7.4
Liferay DXP 7.3
Liferay DXP 7.2
LIferay DXP 7.1
LIferay DXP 7.0
CVE-2023-44309 XSS with fragment components
Description
Multiple stored cross-site scripting (XSS) vulnerabilities in the fragment components in Liferay Portal and Liferay DXP allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into any non-HTML field of a linked source asset.
Severity
9.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Affected Version(s)
- Liferay DXP 7.4 before update 54
- Liferay Portal 7.4.2 through 7.4.3.53
Fixed Version(s)
- Liferay DXP 7.4 update 54
- Liferay Portal 7.4.3.54
Publication date: Tue, 17 Oct 2023 07:00:00 +0000
Security advisories for Liferay’s enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.