What is the severity of CVE-2023-40191?

CVE-2023-40191 is classified as a reflected cross-site scripting (XSS) vulnerability, allowing for the injection of arbitrary web scripts or HTML.

How do I fix CVE-2023-40191?

To mitigate CVE-2023-40191, it is recommended to update to versions 7.4.3.98 or 2023.Q3.6 of Liferay Portal or Liferay DXP.

What versions of Liferay are affected by CVE-2023-40191?

CVE-2023-40191 affects Liferay Portal versions from 7.4.3.44 to 7.4.3.97 and Liferay DXP versions before 2023.Q3 patch 6.

Can CVE-2023-40191 be exploited remotely?

Yes, CVE-2023-40191 can be exploited by remote attackers through crafted payloads injected into vulnerable instances.

What impact does CVE-2023-40191 have on users?

The impact includes potential unauthorized access to sensitive information and manipulation of the affected web application due to XSS.

Vulnerability/
CVE-2023-40191

critical

CWE

21/2/2024

28/1/2025

CVE-2023-40191: XSS

First published: Wed Feb 21 2024(Updated: )

Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the “Blocked Email Domains” text field

Credit: security@liferay.com security@liferay.com

Affected Software	Affected Version	How to fix
maven/com.liferay.portal:release.portal.bom	>=7.4.3.44<=7.4.3.97	7.4.3.98
maven/com.liferay.portal:release.dxp.bom	>=7.4.13.u44<=7.4.13.u92
maven/com.liferay.portal:release.dxp.bom	>=2023.Q3<2023.Q3.6	2023.Q3.6
Liferay 7.4 GA	>=7.4.3.44<7.4.3.98
Liferay 7.4 GA	=7.4-update44
Liferay 7.4 GA	=7.4-update45
Liferay 7.4 GA	=7.4-update46
Liferay 7.4 GA	=7.4-update47
Liferay 7.4 GA	=7.4-update48
Liferay 7.4 GA	=7.4-update49
Liferay 7.4 GA	=7.4-update50
Liferay 7.4 GA	=7.4-update51
Liferay 7.4 GA	=7.4-update52
Liferay 7.4 GA	=7.4-update53
Liferay 7.4 GA	=7.4-update54
Liferay 7.4 GA	=7.4-update55
Liferay 7.4 GA	=7.4-update56
Liferay 7.4 GA	=7.4-update57
Liferay 7.4 GA	=7.4-update58
Liferay 7.4 GA	=7.4-update59
Liferay 7.4 GA	=7.4-update60
Liferay 7.4 GA	=7.4-update61
Liferay 7.4 GA	=7.4-update62
Liferay 7.4 GA	=7.4-update63
Liferay 7.4 GA	=7.4-update64
Liferay 7.4 GA	=7.4-update65
Liferay 7.4 GA	=7.4-update66
Liferay 7.4 GA	=7.4-update67
Liferay 7.4 GA	=7.4-update68
Liferay 7.4 GA	=7.4-update69
Liferay 7.4 GA	=7.4-update70
Liferay 7.4 GA	=7.4-update71
Liferay 7.4 GA	=7.4-update72
Liferay 7.4 GA	=7.4-update73
Liferay 7.4 GA	=7.4-update74
Liferay 7.4 GA	=7.4-update75
Liferay 7.4 GA	=7.4-update76
Liferay 7.4 GA	=7.4-update77
Liferay 7.4 GA	=7.4-update78
Liferay 7.4 GA	=7.4-update79
Liferay 7.4 GA	=7.4-update80
Liferay 7.4 GA	=7.4-update81
Liferay 7.4 GA	=7.4-update82
Liferay 7.4 GA	=7.4-update83
Liferay 7.4 GA	=7.4-update84
Liferay 7.4 GA	=7.4-update85
Liferay 7.4 GA	=7.4-update86
Liferay 7.4 GA	=7.4-update87
Liferay 7.4 GA	=7.4-update88
Liferay 7.4 GA	=7.4-update89
Liferay 7.4 GA	=7.4-update90
Liferay 7.4 GA	=7.4-update91
Liferay 7.4 GA	=7.4-update92
Liferay 7.4 GA	=2023.q3.0
Liferay 7.4 GA	=2023.q3.1
Liferay 7.4 GA	=2023.q3.2
Liferay 7.4 GA	=2023.q3.3
Liferay 7.4 GA	=2023.q3.4
Liferay 7.4 GA	=2023.q3.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-40191?
CVE-2023-40191 is classified as a reflected cross-site scripting (XSS) vulnerability, allowing for the injection of arbitrary web scripts or HTML.
How do I fix CVE-2023-40191?
To mitigate CVE-2023-40191, it is recommended to update to versions 7.4.3.98 or 2023.Q3.6 of Liferay Portal or Liferay DXP.
What versions of Liferay are affected by CVE-2023-40191?
CVE-2023-40191 affects Liferay Portal versions from 7.4.3.44 to 7.4.3.97 and Liferay DXP versions before 2023.Q3 patch 6.
Can CVE-2023-40191 be exploited remotely?
Yes, CVE-2023-40191 can be exploited by remote attackers through crafted payloads injected into vulnerable instances.
What impact does CVE-2023-40191 have on users?
The impact includes potential unauthorized access to sensitive information and manipulation of the affected web application due to XSS.

agent/type
agent/description
agent/first-publish-date
agent/references
agent/author
agent/weakness
collector/mitre-cve
source/MITRE
agent/trending
agent/source
collector/github-advisory-latest
source/GitHub
alias/GHSA-468x-frcm-ghx6
alias/CVE-2023-40191
agent/software-canonical-lookup
agent/last-modified-date
agent/severity
agent/event
agent/tags
collector/github-advisory
agent/softwarecombine
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-api
package-manager/maven
vendor/liferay
canonical/liferay 7.4 ga
version/liferay 7.4 ga/7.4.3.44
version/liferay 7.4 ga/7.4-update44
version/liferay 7.4 ga/7.4-update45
version/liferay 7.4 ga/7.4-update46
version/liferay 7.4 ga/7.4-update47
version/liferay 7.4 ga/7.4-update48
version/liferay 7.4 ga/7.4-update49
version/liferay 7.4 ga/7.4-update50
version/liferay 7.4 ga/7.4-update51
version/liferay 7.4 ga/7.4-update52
version/liferay 7.4 ga/7.4-update53
version/liferay 7.4 ga/7.4-update54
version/liferay 7.4 ga/7.4-update55
version/liferay 7.4 ga/7.4-update56
version/liferay 7.4 ga/7.4-update57
version/liferay 7.4 ga/7.4-update58
version/liferay 7.4 ga/7.4-update59
version/liferay 7.4 ga/7.4-update60
version/liferay 7.4 ga/7.4-update61
version/liferay 7.4 ga/7.4-update62
version/liferay 7.4 ga/7.4-update63
version/liferay 7.4 ga/7.4-update64
version/liferay 7.4 ga/7.4-update65
version/liferay 7.4 ga/7.4-update66
version/liferay 7.4 ga/7.4-update67
version/liferay 7.4 ga/7.4-update68
version/liferay 7.4 ga/7.4-update69
version/liferay 7.4 ga/7.4-update70
version/liferay 7.4 ga/7.4-update71
version/liferay 7.4 ga/7.4-update72
version/liferay 7.4 ga/7.4-update73
version/liferay 7.4 ga/7.4-update74
version/liferay 7.4 ga/7.4-update75
version/liferay 7.4 ga/7.4-update76
version/liferay 7.4 ga/7.4-update77
version/liferay 7.4 ga/7.4-update78
version/liferay 7.4 ga/7.4-update79
version/liferay 7.4 ga/7.4-update80
version/liferay 7.4 ga/7.4-update81
version/liferay 7.4 ga/7.4-update82
version/liferay 7.4 ga/7.4-update83
version/liferay 7.4 ga/7.4-update84
version/liferay 7.4 ga/7.4-update85
version/liferay 7.4 ga/7.4-update86
version/liferay 7.4 ga/7.4-update87
version/liferay 7.4 ga/7.4-update88
version/liferay 7.4 ga/7.4-update89
version/liferay 7.4 ga/7.4-update90
version/liferay 7.4 ga/7.4-update91
version/liferay 7.4 ga/7.4-update92
version/liferay 7.4 ga/2023.q3.0
version/liferay 7.4 ga/2023.q3.1
version/liferay 7.4 ga/2023.q3.2
version/liferay 7.4 ga/2023.q3.3
version/liferay 7.4 ga/2023.q3.4
version/liferay 7.4 ga/2023.q3.5