First published: Wed May 24 2023
Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.
Credit: security@liferay.com
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay Digital Experience Platform | =7.4-update41 | |
Liferay Digital Experience Platform | =7.4-update52 | |
Liferay Liferay Portal | >=7.4.3.31<=7.4.3.52 | |
maven/com.liferay.portal:release.portal.bom | >=7.4.3.41<7.4.3.53 | 7.4.3.53 |
CVE-2023-33941 covers multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52.
CVE-2023-33941 has a severity rating of 6.1, making it a medium-level vulnerability.
CVE-2023-33941 affects Liferay Portal 7.4.3.41 through 7.4.3.52 and Liferay DXP 7.4 update 41 through 52.
CVE-2023-33941 is classified under CWE-79, the category for cross-site scripting (improper neutralization of input during web page generation).
More information about CVE-2023-33941 can be found at the following reference link: [CVE-2023-33941](https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33941)
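To check an inventory against the affected ranges stated above, the following added example (not code from Liferay or from this advisory) parses the table's range notation and compares versions numerically. The host names, product labels and function names are assumptions made up for illustration.

```python
import re
from operator import eq, ge, gt, le, lt

_OPS = {">=": ge, "<=": le, ">": gt, "<": lt, "=": eq}
_TERM = re.compile(r"(>=|<=|>|<|=)([0-9]+(?:\.[0-9]+)*)")
_DXP = re.compile(r"(\d+\.\d+)[-\s]*update\s*(\d+)", re.I)

PORTAL_RANGE = ">=7.4.3.41<7.4.3.53"  # Maven row of the table above

def parse_version(text):
    """'7.4.3.41' -> (7, 4, 3, 41), so ordering is numeric rather than lexical."""
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+)*", text):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def parse_range(expr):
    """Split a compound range into (comparator, bound) terms, rejecting leftovers."""
    compact = expr.replace(" ", "")
    terms = _TERM.findall(compact)
    if not terms or "".join(op + ver for op, ver in terms) != compact:
        raise ValueError(f"unparseable range: {expr!r}")
    return [(_OPS[op], parse_version(ver)) for op, ver in terms]

def in_range(version, expr):
    """True when the version satisfies every term of the range expression."""
    v = parse_version(version)
    return all(compare(v, bound) for compare, bound in parse_range(expr))

def dxp_affected(release):
    """DXP releases are named by update number: 7.4 update 41 through 52."""
    m = _DXP.fullmatch(release.strip())
    if not m:
        raise ValueError(f"unrecognised DXP release: {release!r}")
    return m.group(1) == "7.4" and 41 <= int(m.group(2)) <= 52

def triage(inventory):
    """Return the hosts whose installed build falls in an affected range."""
    checks = {"portal": lambda v: in_range(v, PORTAL_RANGE), "dxp": dxp_affected}
    return [host for host, product, version in inventory
            if product in checks and checks[product](version)]

# Constructed inventory: host names and product labels are made up.
INVENTORY = [
    ("intranet", "portal", "7.4.3.5"),    # a string compare would flag this
    ("portal-a", "portal", "7.4.3.41"),
    ("portal-b", "portal", "7.4.3.53"),   # fixed version listed in the table
    ("dxp-a", "dxp", "7.4-update52"),
    ("dxp-b", "dxp", "7.4 update 53"),
]
```

Calling `triage(INVENTORY)` returns the two hosts inside the affected ranges; `7.4.3.5` is correctly excluded even though it sorts between the bounds as a plain string.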