What is the severity of CVE-2023-37940?

CVE-2023-37940 is categorized as a high-severity cross-site scripting (XSS) vulnerability.

How do I fix CVE-2023-37940?

You can remediate CVE-2023-37940 by updating Liferay Portal to version 7.4.3.88 or higher, or Liferay DXP to version 7.3.10.u30 or higher.

Which versions are affected by CVE-2023-37940?

CVE-2023-37940 affects Liferay Portal versions 7.0.0 through 7.4.3.87 and Liferay DXP versions 7.3 GA through update 29.

Can CVE-2023-37940 be exploited by remote attackers?

Yes, CVE-2023-37940 allows remote attackers to inject arbitrary web scripts or HTML via a crafted payload.

What types of applications are impacted by CVE-2023-37940?

CVE-2023-37940 impacts applications utilizing Liferay Portal and Liferay DXP that are running vulnerable versions.

Vulnerability/
CVE-2023-37940

medium

4.8

CWE

17/12/2024

18/12/2024

28/1/2025

CVE-2023-37940: XSS

First published: Tue Dec 17 2024(Updated: )

Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field.

Credit: security@liferay.com security@liferay.com

Affected Software	Affected Version	How to fix
maven/com.liferay.portal:release.dxp.bom	>=7.4<7.4.13.u88	7.4.13.u88
maven/com.liferay.portal:release.dxp.bom	>=7.0<7.3.10.u30	7.3.10.u30
maven/com.liferay.portal:release.portal.bom	>=7.0.0<7.4.3.88	7.4.3.88
Liferay 7.4 GA	>=7.0.0<7.4.3.88
Liferay 7.4 GA	>=7.0<7.3
Liferay 7.4 GA	=7.3
Liferay 7.4 GA	=7.3-fix_pack_1
Liferay 7.4 GA	=7.3-fix_pack_2
Liferay 7.4 GA	=7.3-service_pack_1
Liferay 7.4 GA	=7.3-service_pack_3
Liferay 7.4 GA	=7.3-update10
Liferay 7.4 GA	=7.3-update11
Liferay 7.4 GA	=7.3-update12
Liferay 7.4 GA	=7.3-update13
Liferay 7.4 GA	=7.3-update14
Liferay 7.4 GA	=7.3-update15
Liferay 7.4 GA	=7.3-update16
Liferay 7.4 GA	=7.3-update17
Liferay 7.4 GA	=7.3-update18
Liferay 7.4 GA	=7.3-update19
Liferay 7.4 GA	=7.3-update20
Liferay 7.4 GA	=7.3-update21
Liferay 7.4 GA	=7.3-update22
Liferay 7.4 GA	=7.3-update23
Liferay 7.4 GA	=7.3-update24
Liferay 7.4 GA	=7.3-update25
Liferay 7.4 GA	=7.3-update26
Liferay 7.4 GA	=7.3-update27
Liferay 7.4 GA	=7.3-update28
Liferay 7.4 GA	=7.3-update29
Liferay 7.4 GA	=7.3-update4
Liferay 7.4 GA	=7.3-update5
Liferay 7.4 GA	=7.3-update6
Liferay 7.4 GA	=7.3-update7
Liferay 7.4 GA	=7.3-update8
Liferay 7.4 GA	=7.3-update9
Liferay 7.4 GA	=7.4
Liferay 7.4 GA	=7.4-update1
Liferay 7.4 GA	=7.4-update10
Liferay 7.4 GA	=7.4-update11
Liferay 7.4 GA	=7.4-update12
Liferay 7.4 GA	=7.4-update13
Liferay 7.4 GA	=7.4-update14
Liferay 7.4 GA	=7.4-update15
Liferay 7.4 GA	=7.4-update16
Liferay 7.4 GA	=7.4-update17
Liferay 7.4 GA	=7.4-update18
Liferay 7.4 GA	=7.4-update19
Liferay 7.4 GA	=7.4-update2
Liferay 7.4 GA	=7.4-update20
Liferay 7.4 GA	=7.4-update21
Liferay 7.4 GA	=7.4-update22
Liferay 7.4 GA	=7.4-update23
Liferay 7.4 GA	=7.4-update24
Liferay 7.4 GA	=7.4-update25
Liferay 7.4 GA	=7.4-update26
Liferay 7.4 GA	=7.4-update27
Liferay 7.4 GA	=7.4-update28
Liferay 7.4 GA	=7.4-update29
Liferay 7.4 GA	=7.4-update3
Liferay 7.4 GA	=7.4-update30
Liferay 7.4 GA	=7.4-update31
Liferay 7.4 GA	=7.4-update32
Liferay 7.4 GA	=7.4-update33
Liferay 7.4 GA	=7.4-update34
Liferay 7.4 GA	=7.4-update35
Liferay 7.4 GA	=7.4-update36
Liferay 7.4 GA	=7.4-update37
Liferay 7.4 GA	=7.4-update38
Liferay 7.4 GA	=7.4-update39
Liferay 7.4 GA	=7.4-update4
Liferay 7.4 GA	=7.4-update40
Liferay 7.4 GA	=7.4-update41
Liferay 7.4 GA	=7.4-update42
Liferay 7.4 GA	=7.4-update43
Liferay 7.4 GA	=7.4-update44
Liferay 7.4 GA	=7.4-update45
Liferay 7.4 GA	=7.4-update46
Liferay 7.4 GA	=7.4-update47
Liferay 7.4 GA	=7.4-update48
Liferay 7.4 GA	=7.4-update49
Liferay 7.4 GA	=7.4-update5
Liferay 7.4 GA	=7.4-update50
Liferay 7.4 GA	=7.4-update51
Liferay 7.4 GA	=7.4-update52
Liferay 7.4 GA	=7.4-update53
Liferay 7.4 GA	=7.4-update54
Liferay 7.4 GA	=7.4-update55
Liferay 7.4 GA	=7.4-update56
Liferay 7.4 GA	=7.4-update57
Liferay 7.4 GA	=7.4-update58
Liferay 7.4 GA	=7.4-update59
Liferay 7.4 GA	=7.4-update6
Liferay 7.4 GA	=7.4-update60
Liferay 7.4 GA	=7.4-update61
Liferay 7.4 GA	=7.4-update62
Liferay 7.4 GA	=7.4-update63
Liferay 7.4 GA	=7.4-update64
Liferay 7.4 GA	=7.4-update65
Liferay 7.4 GA	=7.4-update66
Liferay 7.4 GA	=7.4-update67
Liferay 7.4 GA	=7.4-update68
Liferay 7.4 GA	=7.4-update69
Liferay 7.4 GA	=7.4-update7
Liferay 7.4 GA	=7.4-update70
Liferay 7.4 GA	=7.4-update71
Liferay 7.4 GA	=7.4-update72
Liferay 7.4 GA	=7.4-update73
Liferay 7.4 GA	=7.4-update74
Liferay 7.4 GA	=7.4-update75
Liferay 7.4 GA	=7.4-update76
Liferay 7.4 GA	=7.4-update77
Liferay 7.4 GA	=7.4-update78
Liferay 7.4 GA	=7.4-update79
Liferay 7.4 GA	=7.4-update8
Liferay 7.4 GA	=7.4-update80
Liferay 7.4 GA	=7.4-update81
Liferay 7.4 GA	=7.4-update82
Liferay 7.4 GA	=7.4-update83
Liferay 7.4 GA	=7.4-update84
Liferay 7.4 GA	=7.4-update85
Liferay 7.4 GA	=7.4-update86
Liferay 7.4 GA	=7.4-update87
Liferay 7.4 GA	=7.4-update9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-37940?
CVE-2023-37940 is categorized as a high-severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2023-37940?
You can remediate CVE-2023-37940 by updating Liferay Portal to version 7.4.3.88 or higher, or Liferay DXP to version 7.3.10.u30 or higher.
Which versions are affected by CVE-2023-37940?
CVE-2023-37940 affects Liferay Portal versions 7.0.0 through 7.4.3.87 and Liferay DXP versions 7.3 GA through update 29.
Can CVE-2023-37940 be exploited by remote attackers?
Yes, CVE-2023-37940 allows remote attackers to inject arbitrary web scripts or HTML via a crafted payload.
What types of applications are impacted by CVE-2023-37940?
CVE-2023-37940 impacts applications utilizing Liferay Portal and Liferay DXP that are running vulnerable versions.

agent/weakness
agent/description
agent/first-publish-date
agent/type
agent/severity
collector/github-advisory-latest
source/GitHub
alias/GHSA-px38-239g-x5mg
alias/CVE-2023-37940
agent/software-canonical-lookup
agent/references
agent/trending
collector/mitre-cve
source/MITRE
collector/nvd-cve
source/NVD
agent/author
collector/github-advisory
agent/source
agent/last-modified-date
agent/event
agent/softwarecombine
agent/tags
collector/nvd-api
agent/software-canonical-lookup-request
package-manager/maven
vendor/liferay
canonical/liferay 7.4 ga
version/liferay 7.4 ga/7.0.0
version/liferay 7.4 ga/7.0
version/liferay 7.4 ga/7.3
version/liferay 7.4 ga/7.3-fix_pack_1
version/liferay 7.4 ga/7.3-fix_pack_2
version/liferay 7.4 ga/7.3-service_pack_1
version/liferay 7.4 ga/7.3-service_pack_3
version/liferay 7.4 ga/7.3-update10
version/liferay 7.4 ga/7.3-update11
version/liferay 7.4 ga/7.3-update12
version/liferay 7.4 ga/7.3-update13
version/liferay 7.4 ga/7.3-update14
version/liferay 7.4 ga/7.3-update15
version/liferay 7.4 ga/7.3-update16
version/liferay 7.4 ga/7.3-update17
version/liferay 7.4 ga/7.3-update18
version/liferay 7.4 ga/7.3-update19
version/liferay 7.4 ga/7.3-update20
version/liferay 7.4 ga/7.3-update21
version/liferay 7.4 ga/7.3-update22
version/liferay 7.4 ga/7.3-update23
version/liferay 7.4 ga/7.3-update24
version/liferay 7.4 ga/7.3-update25
version/liferay 7.4 ga/7.3-update26
version/liferay 7.4 ga/7.3-update27
version/liferay 7.4 ga/7.3-update28
version/liferay 7.4 ga/7.3-update29
version/liferay 7.4 ga/7.3-update4
version/liferay 7.4 ga/7.3-update5
version/liferay 7.4 ga/7.3-update6
version/liferay 7.4 ga/7.3-update7
version/liferay 7.4 ga/7.3-update8
version/liferay 7.4 ga/7.3-update9
version/liferay 7.4 ga/7.4
version/liferay 7.4 ga/7.4-update1
version/liferay 7.4 ga/7.4-update10
version/liferay 7.4 ga/7.4-update11
version/liferay 7.4 ga/7.4-update12
version/liferay 7.4 ga/7.4-update13
version/liferay 7.4 ga/7.4-update14
version/liferay 7.4 ga/7.4-update15
version/liferay 7.4 ga/7.4-update16
version/liferay 7.4 ga/7.4-update17
version/liferay 7.4 ga/7.4-update18
version/liferay 7.4 ga/7.4-update19
version/liferay 7.4 ga/7.4-update2
version/liferay 7.4 ga/7.4-update20
version/liferay 7.4 ga/7.4-update21
version/liferay 7.4 ga/7.4-update22
version/liferay 7.4 ga/7.4-update23
version/liferay 7.4 ga/7.4-update24
version/liferay 7.4 ga/7.4-update25
version/liferay 7.4 ga/7.4-update26
version/liferay 7.4 ga/7.4-update27
version/liferay 7.4 ga/7.4-update28
version/liferay 7.4 ga/7.4-update29
version/liferay 7.4 ga/7.4-update3
version/liferay 7.4 ga/7.4-update30
version/liferay 7.4 ga/7.4-update31
version/liferay 7.4 ga/7.4-update32
version/liferay 7.4 ga/7.4-update33
version/liferay 7.4 ga/7.4-update34
version/liferay 7.4 ga/7.4-update35
version/liferay 7.4 ga/7.4-update36
version/liferay 7.4 ga/7.4-update37
version/liferay 7.4 ga/7.4-update38
version/liferay 7.4 ga/7.4-update39
version/liferay 7.4 ga/7.4-update4
version/liferay 7.4 ga/7.4-update40
version/liferay 7.4 ga/7.4-update41
version/liferay 7.4 ga/7.4-update42
version/liferay 7.4 ga/7.4-update43
version/liferay 7.4 ga/7.4-update44
version/liferay 7.4 ga/7.4-update45
version/liferay 7.4 ga/7.4-update46
version/liferay 7.4 ga/7.4-update47
version/liferay 7.4 ga/7.4-update48
version/liferay 7.4 ga/7.4-update49
version/liferay 7.4 ga/7.4-update5
version/liferay 7.4 ga/7.4-update50
version/liferay 7.4 ga/7.4-update51
version/liferay 7.4 ga/7.4-update52
version/liferay 7.4 ga/7.4-update53
version/liferay 7.4 ga/7.4-update54
version/liferay 7.4 ga/7.4-update55
version/liferay 7.4 ga/7.4-update56
version/liferay 7.4 ga/7.4-update57
version/liferay 7.4 ga/7.4-update58
version/liferay 7.4 ga/7.4-update59
version/liferay 7.4 ga/7.4-update6
version/liferay 7.4 ga/7.4-update60
version/liferay 7.4 ga/7.4-update61
version/liferay 7.4 ga/7.4-update62
version/liferay 7.4 ga/7.4-update63
version/liferay 7.4 ga/7.4-update64
version/liferay 7.4 ga/7.4-update65
version/liferay 7.4 ga/7.4-update66
version/liferay 7.4 ga/7.4-update67
version/liferay 7.4 ga/7.4-update68
version/liferay 7.4 ga/7.4-update69
version/liferay 7.4 ga/7.4-update7
version/liferay 7.4 ga/7.4-update70
version/liferay 7.4 ga/7.4-update71
version/liferay 7.4 ga/7.4-update72
version/liferay 7.4 ga/7.4-update73
version/liferay 7.4 ga/7.4-update74
version/liferay 7.4 ga/7.4-update75
version/liferay 7.4 ga/7.4-update76
version/liferay 7.4 ga/7.4-update77
version/liferay 7.4 ga/7.4-update78
version/liferay 7.4 ga/7.4-update79
version/liferay 7.4 ga/7.4-update8
version/liferay 7.4 ga/7.4-update80
version/liferay 7.4 ga/7.4-update81
version/liferay 7.4 ga/7.4-update82
version/liferay 7.4 ga/7.4-update83
version/liferay 7.4 ga/7.4-update84
version/liferay 7.4 ga/7.4-update85
version/liferay 7.4 ga/7.4-update86
version/liferay 7.4 ga/7.4-update87
version/liferay 7.4 ga/7.4-update9