First published: Wed May 24 2023
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Portal 7.4.3.50 and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's `Title` field.
Credit: security@liferay.com
Affected Software | Affected Version | How to fix |
---|---|---|
maven/com.liferay.portal:release.portal.bom | =7.4.3.50 | 7.4.3.51 |
Liferay Digital Experience Platform | =7.4-update50 | |
Liferay Portal | =7.4.3.50 | |
CVE-2023-33942 is a cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Portal 7.4.3.50 and Liferay DXP 7.4 update 50.
CVE-2023-33942 allows remote attackers to inject arbitrary web script or HTML into a web content article's `Title` field.
CVE-2023-33942 has a severity rating of medium with a CVSS score of 5.4.
The CVE-2023-33942 vulnerability can be exploited by injecting a crafted payload into the `Title` field of a web content article.
Upgrading to the latest version of Liferay Portal or Liferay DXP that includes the patch for this vulnerability will fix CVE-2023-33942.