What is the severity of CVE-2023-42497?

The severity of CVE-2023-42497 is critical.

What is the affected software for CVE-2023-42497?

The affected software for CVE-2023-42497 is Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86.

How does CVE-2023-42497 affect Liferay Digital Experience Platform?

CVE-2023-42497 affects Liferay Digital Experience Platform 7.4 and its update versions.

What is the common weakness enumeration (CWE) of CVE-2023-42497?

The common weakness enumeration (CWE) of CVE-2023-42497 is CWE-79.

Where can I find more information about CVE-2023-42497?

You can find more information about CVE-2023-42497 at this link: [https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497](https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497)

Vulnerability/
CVE-2023-42497

critical

9.6

CWE

17/10/2023

13/9/2024

CVE-2023-42497: XSS

First published: Tue Oct 17 2023(Updated: )

Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect` parameter.

Credit: security@liferay.com

Affected Software	Affected Version	How to fix
Liferay 7.4 GA	=7.4
Liferay 7.4 GA	=7.4-update1
Liferay 7.4 GA	=7.4-update21
Liferay 7.4 GA	=7.4-update34
Liferay 7.4 GA	=7.4-update36
Liferay 7.4 GA	=7.4-update41
Liferay 7.4 GA	=7.4-update48
Liferay 7.4 GA	=7.4-update50
Liferay 7.4 GA	=7.4-update52
Liferay 7.4 GA	=7.4-update62
Liferay 7.4 GA	=7.4-update67
Liferay 7.4 GA	=7.4-update76
Liferay 7.4 GA	=7.4-update81
Liferay 7.4 GA	=7.4-update82
Liferay 7.4 GA	=7.4-update83
Liferay 7.4 GA	=7.4-update84
Liferay 7.4 GA	=7.4-update85
Liferay 7.4 GA	>=7.4.3.4<7.4.3.86

Never miss a vulnerability like this again

Reference Links

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497

Frequently Asked Questions

What is the severity of CVE-2023-42497?
The severity of CVE-2023-42497 is critical.
What is the affected software for CVE-2023-42497?
The affected software for CVE-2023-42497 is Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86.
How does CVE-2023-42497 affect Liferay Digital Experience Platform?
CVE-2023-42497 affects Liferay Digital Experience Platform 7.4 and its update versions.
What is the common weakness enumeration (CWE) of CVE-2023-42497?
The common weakness enumeration (CWE) of CVE-2023-42497 is CWE-79.
Where can I find more information about CVE-2023-42497?
You can find more information about CVE-2023-42497 at this link: [https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497](https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497)

collector/nvd-index
agent/type
agent/references
agent/severity
agent/weakness
agent/description
agent/event
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/author
agent/softwarecombine
agent/tags
collector/nvd-api
agent/software-canonical-lookup-request
vendor/liferay
canonical/liferay 7.4 ga
version/liferay 7.4 ga/7.4
version/liferay 7.4 ga/7.4-update1
version/liferay 7.4 ga/7.4-update21
version/liferay 7.4 ga/7.4-update34
version/liferay 7.4 ga/7.4-update36
version/liferay 7.4 ga/7.4-update41
version/liferay 7.4 ga/7.4-update48
version/liferay 7.4 ga/7.4-update50
version/liferay 7.4 ga/7.4-update52
version/liferay 7.4 ga/7.4-update62
version/liferay 7.4 ga/7.4-update67
version/liferay 7.4 ga/7.4-update76
version/liferay 7.4 ga/7.4-update81
version/liferay 7.4 ga/7.4-update82
version/liferay 7.4 ga/7.4-update83
version/liferay 7.4 ga/7.4-update84
version/liferay 7.4 ga/7.4-update85
version/liferay 7.4 ga/7.4.3.4