Headline

GHSA-mvfv-w3fq-xp67: Cross-site scripting in Liferay Portal

Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module’s OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.

1 year ago

ghsa

Open in Source

#xss #vulnerability #web #git #oauth #auth

Cross-site scripting in Liferay Portal

Moderate severity GitHub Reviewed Published May 24, 2023 to the GitHub Advisory Database • Updated May 24, 2023

Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter. This issue is caused by an incomplete fix in CVE-2023-33941.

1 year ago

CVE

Open in Source

#xss #vulnerability #web #oauth #auth

CVE-2023-33941: CVE-2023-33941 Reflected XSS with 'code' and 'error' in OAuth2ProviderApplicationRedirect - Liferay

Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.

1 year ago

CVE

Open in Source

#xss #vulnerability #web #oauth #auth