First published: Wed May 24 2023
Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label.
Credit: security@liferay.com
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay Digital Experience Platform | =7.2 | |
Liferay Digital Experience Platform | =7.2-fix_pack_1 | |
Liferay Digital Experience Platform | =7.2-fix_pack_2 | |
Liferay Digital Experience Platform | =7.2-fix_pack_3 | |
Liferay Digital Experience Platform | =7.2-fix_pack_5 | |
Liferay Digital Experience Platform | =7.2-fix_pack_4 | |
Liferay Digital Experience Platform | =7.1-fix_pack_6 | |
Liferay Digital Experience Platform | =7.1-fix_pack_9 | |
Liferay Digital Experience Platform | =7.1-fix_pack_10 | |
Liferay Digital Experience Platform | =7.1-fix_pack_11 | |
Liferay Digital Experience Platform | =7.1-fix_pack_12 | |
Liferay Digital Experience Platform | =7.1-fix_pack_13 | |
Liferay Digital Experience Platform | =7.1-fix_pack_14 | |
Liferay Digital Experience Platform | =7.1-fix_pack_15 | |
Liferay Digital Experience Platform | =7.1-fix_pack_16 | |
Liferay Digital Experience Platform | =7.1-fix_pack_17 | |
Liferay Digital Experience Platform | =7.1-fix_pack_4 | |
Liferay Digital Experience Platform | =7.1 | |
Liferay Digital Experience Platform | =7.1-fix_pack_1 | |
Liferay Digital Experience Platform | =7.1-fix_pack_2 | |
Liferay Digital Experience Platform | =7.1-fix_pack_3 | |
Liferay Digital Experience Platform | =7.1-fix_pack_5 | |
Liferay Digital Experience Platform | =7.1-fix_pack_7 | |
Liferay Digital Experience Platform | =7.1-fix_pack_8 | |
Liferay Digital Experience Platform | =7.1-fix_pack_19 | |
Liferay Digital Experience Platform | =7.1-fix_pack_18 | |
Liferay Digital Experience Platform | =7.2-fix_pack_6 | |
Liferay Digital Experience Platform | =7.2-fix_pack_7 | |
Liferay Digital Experience Platform | =7.2-fix_pack_8 | |
Liferay Digital Experience Platform | =7.2-fix_pack_9 | |
Liferay Digital Experience Platform | =7.3-fix_pack_1 | |
Liferay Digital Experience Platform | =7.3 | |
Liferay Digital Experience Platform | =7.2-fix_pack_11 | |
Liferay Digital Experience Platform | =7.2-fix_pack_12 | |
Liferay Digital Experience Platform | =7.2-fix_pack_13 | |
Liferay Digital Experience Platform | =7.2-fix_pack_14 | |
Liferay Digital Experience Platform | =7.2-fix_pack_15 | |
Liferay Digital Experience Platform | =7.2-fix_pack_16 | |
Liferay Digital Experience Platform | =7.1-fix_pack_20 | |
Liferay Digital Experience Platform | =7.1-fix_pack_21 | |
Liferay Digital Experience Platform | =7.1-fix_pack_22 | |
Liferay Digital Experience Platform | =7.1-fix_pack_23 | |
Liferay Digital Experience Platform | =7.2-fix_pack_10 | |
Liferay Digital Experience Platform | =7.3-fix_pack_2 | |
Liferay Digital Experience Platform | =7.4-update1 | |
Liferay Digital Experience Platform | =7.4 | |
Liferay Digital Experience Platform | =7.1-fix_pack_24 | |
Liferay Digital Experience Platform | =7.1-fix_pack_25 | |
Liferay Digital Experience Platform | =7.1-fix_pack_26 | |
Liferay Portal | >=7.1.0 <=7.4.3.12 | |
maven/com.liferay.portal:release.portal.bom | >=7.1.0 <7.4.3.13 | 7.4.3.13 |
CVE-2023-33939 is a cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9.
The severity of CVE-2023-33939 is medium, with a severity value of 5.4.
CVE-2023-33939 affects Liferay Digital Experience Platform versions 7.1 and 7.2, before fix pack 27 and fix pack 18 respectively.
CVE-2023-33939 affects Liferay Portal versions 7.1.0 through 7.4.3.12.
To fix CVE-2023-33939, update Liferay Digital Experience Platform to at least fix pack 27 (for 7.1) or fix pack 18 (for 7.2), and Liferay Portal to at least version 7.4.3.12.