CVE-2023-42498: XSS
First published: Wed Feb 21 2024(Updated: )
Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_key parameter.
Credit: security@liferay.com security@liferay.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/com.liferay.portal:release.dxp.bom | >=7.4.13.u4<=7.4.13.u92 | |
| maven/com.liferay.portal:release.dxp.bom | >=2023.Q3<2023.Q3.5 | 2023.Q3.5 |
| maven/com.liferay.portal:release.portal.bom | >=7.4.3.8<=7.4.3.97 | |
| maven/com.liferay.portal:release.portal.bom | >=7.4.3.8<=7.4.3.97 | 7.4.3.98 |
| Liferay Liferay Portal | >=7.4.3.8<7.4.3.98 | |
| Liferay digital experience platform | =7.4-update10 | |
| Liferay digital experience platform | =7.4-update11 | |
| Liferay digital experience platform | =7.4-update12 | |
| Liferay digital experience platform | =7.4-update13 | |
| Liferay digital experience platform | =7.4-update14 | |
| Liferay digital experience platform | =7.4-update15 | |
| Liferay digital experience platform | =7.4-update16 | |
| Liferay digital experience platform | =7.4-update17 | |
| Liferay digital experience platform | =7.4-update18 | |
| Liferay digital experience platform | =7.4-update19 | |
| Liferay digital experience platform | =7.4-update20 | |
| Liferay digital experience platform | =7.4-update21 | |
| Liferay digital experience platform | =7.4-update22 | |
| Liferay digital experience platform | =7.4-update23 | |
| Liferay digital experience platform | =7.4-update24 | |
| Liferay digital experience platform | =7.4-update25 | |
| Liferay digital experience platform | =7.4-update26 | |
| Liferay digital experience platform | =7.4-update27 | |
| Liferay digital experience platform | =7.4-update28 | |
| Liferay digital experience platform | =7.4-update29 | |
| Liferay digital experience platform | =7.4-update30 | |
| Liferay digital experience platform | =7.4-update31 | |
| Liferay digital experience platform | =7.4-update32 | |
| Liferay digital experience platform | =7.4-update33 | |
| Liferay digital experience platform | =7.4-update34 | |
| Liferay digital experience platform | =7.4-update35 | |
| Liferay digital experience platform | =7.4-update36 | |
| Liferay digital experience platform | =7.4-update37 | |
| Liferay digital experience platform | =7.4-update38 | |
| Liferay digital experience platform | =7.4-update39 | |
| Liferay digital experience platform | =7.4-update4 | |
| Liferay digital experience platform | =7.4-update40 | |
| Liferay digital experience platform | =7.4-update41 | |
| Liferay digital experience platform | =7.4-update42 | |
| Liferay digital experience platform | =7.4-update43 | |
| Liferay digital experience platform | =7.4-update44 | |
| Liferay digital experience platform | =7.4-update45 | |
| Liferay digital experience platform | =7.4-update46 | |
| Liferay digital experience platform | =7.4-update47 | |
| Liferay digital experience platform | =7.4-update48 | |
| Liferay digital experience platform | =7.4-update49 | |
| Liferay digital experience platform | =7.4-update5 | |
| Liferay digital experience platform | =7.4-update50 | |
| Liferay digital experience platform | =7.4-update51 | |
| Liferay digital experience platform | =7.4-update52 | |
| Liferay digital experience platform | =7.4-update53 | |
| Liferay digital experience platform | =7.4-update54 | |
| Liferay digital experience platform | =7.4-update55 | |
| Liferay digital experience platform | =7.4-update56 | |
| Liferay digital experience platform | =7.4-update57 | |
| Liferay digital experience platform | =7.4-update58 | |
| Liferay digital experience platform | =7.4-update59 | |
| Liferay digital experience platform | =7.4-update6 | |
| Liferay digital experience platform | =7.4-update60 | |
| Liferay digital experience platform | =7.4-update61 | |
| Liferay digital experience platform | =7.4-update62 | |
| Liferay digital experience platform | =7.4-update63 | |
| Liferay digital experience platform | =7.4-update64 | |
| Liferay digital experience platform | =7.4-update65 | |
| Liferay digital experience platform | =7.4-update66 | |
| Liferay digital experience platform | =7.4-update67 | |
| Liferay digital experience platform | =7.4-update68 | |
| Liferay digital experience platform | =7.4-update69 | |
| Liferay digital experience platform | =7.4-update7 | |
| Liferay digital experience platform | =7.4-update70 | |
| Liferay digital experience platform | =7.4-update71 | |
| Liferay digital experience platform | =7.4-update72 | |
| Liferay digital experience platform | =7.4-update73 | |
| Liferay digital experience platform | =7.4-update74 | |
| Liferay digital experience platform | =7.4-update75 | |
| Liferay digital experience platform | =7.4-update76 | |
| Liferay digital experience platform | =7.4-update77 | |
| Liferay digital experience platform | =7.4-update78 | |
| Liferay digital experience platform | =7.4-update79 | |
| Liferay digital experience platform | =7.4-update8 | |
| Liferay digital experience platform | =7.4-update80 | |
| Liferay digital experience platform | =7.4-update81 | |
| Liferay digital experience platform | =7.4-update82 | |
| Liferay digital experience platform | =7.4-update83 | |
| Liferay digital experience platform | =7.4-update84 | |
| Liferay digital experience platform | =7.4-update85 | |
| Liferay digital experience platform | =7.4-update86 | |
| Liferay digital experience platform | =7.4-update87 | |
| Liferay digital experience platform | =7.4-update88 | |
| Liferay digital experience platform | =7.4-update89 | |
| Liferay digital experience platform | =7.4-update9 | |
| Liferay digital experience platform | =7.4-update90 | |
| Liferay digital experience platform | =7.4-update91 | |
| Liferay digital experience platform | =7.4-update92 | |
| Liferay digital experience platform | =2023.q3.0 | |
| Liferay digital experience platform | =2023.q3.1 | |
| Liferay digital experience platform | =2023.q3.2 | |
| Liferay digital experience platform | =2023.q3.3 | |
| Liferay digital experience platform | =2023.q3.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/first-publish-date
- agent/references
- agent/description
- agent/event
- agent/author
- collector/nvd-cve
- source/NVD
- collector/github-advisory
- source/GitHub
- alias/GHSA-73x3-8mrg-5r93
- alias/CVE-2023-42498
- agent/software-canonical-lookup
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/trending
- agent/source
- agent/severity
- agent/tags
- collector/github-advisory-latest
- agent/last-modified-date
- agent/softwarecombine
- collector/nvd-api
- agent/software-canonical-lookup-request
- package-manager/maven
- vendor/liferay
- canonical/liferay liferay portal
- version/liferay liferay portal/7.4.3.8
- canonical/liferay digital experience platform
- version/liferay digital experience platform/7.4-update10
- version/liferay digital experience platform/7.4-update11
- version/liferay digital experience platform/7.4-update12
- version/liferay digital experience platform/7.4-update13
- version/liferay digital experience platform/7.4-update14
- version/liferay digital experience platform/7.4-update15
- version/liferay digital experience platform/7.4-update16
- version/liferay digital experience platform/7.4-update17
- version/liferay digital experience platform/7.4-update18
- version/liferay digital experience platform/7.4-update19
- version/liferay digital experience platform/7.4-update20
- version/liferay digital experience platform/7.4-update21
- version/liferay digital experience platform/7.4-update22
- version/liferay digital experience platform/7.4-update23
- version/liferay digital experience platform/7.4-update24
- version/liferay digital experience platform/7.4-update25
- version/liferay digital experience platform/7.4-update26
- version/liferay digital experience platform/7.4-update27
- version/liferay digital experience platform/7.4-update28
- version/liferay digital experience platform/7.4-update29
- version/liferay digital experience platform/7.4-update30
- version/liferay digital experience platform/7.4-update31
- version/liferay digital experience platform/7.4-update32
- version/liferay digital experience platform/7.4-update33
- version/liferay digital experience platform/7.4-update34
- version/liferay digital experience platform/7.4-update35
- version/liferay digital experience platform/7.4-update36
- version/liferay digital experience platform/7.4-update37
- version/liferay digital experience platform/7.4-update38
- version/liferay digital experience platform/7.4-update39
- version/liferay digital experience platform/7.4-update4
- version/liferay digital experience platform/7.4-update40
- version/liferay digital experience platform/7.4-update41
- version/liferay digital experience platform/7.4-update42
- version/liferay digital experience platform/7.4-update43
- version/liferay digital experience platform/7.4-update44
- version/liferay digital experience platform/7.4-update45
- version/liferay digital experience platform/7.4-update46
- version/liferay digital experience platform/7.4-update47
- version/liferay digital experience platform/7.4-update48
- version/liferay digital experience platform/7.4-update49
- version/liferay digital experience platform/7.4-update5
- version/liferay digital experience platform/7.4-update50
- version/liferay digital experience platform/7.4-update51
- version/liferay digital experience platform/7.4-update52
- version/liferay digital experience platform/7.4-update53
- version/liferay digital experience platform/7.4-update54
- version/liferay digital experience platform/7.4-update55
- version/liferay digital experience platform/7.4-update56
- version/liferay digital experience platform/7.4-update57
- version/liferay digital experience platform/7.4-update58
- version/liferay digital experience platform/7.4-update59
- version/liferay digital experience platform/7.4-update6
- version/liferay digital experience platform/7.4-update60
- version/liferay digital experience platform/7.4-update61
- version/liferay digital experience platform/7.4-update62
- version/liferay digital experience platform/7.4-update63
- version/liferay digital experience platform/7.4-update64
- version/liferay digital experience platform/7.4-update65
- version/liferay digital experience platform/7.4-update66
- version/liferay digital experience platform/7.4-update67
- version/liferay digital experience platform/7.4-update68
- version/liferay digital experience platform/7.4-update69
- version/liferay digital experience platform/7.4-update7
- version/liferay digital experience platform/7.4-update70
- version/liferay digital experience platform/7.4-update71
- version/liferay digital experience platform/7.4-update72
- version/liferay digital experience platform/7.4-update73
- version/liferay digital experience platform/7.4-update74
- version/liferay digital experience platform/7.4-update75
- version/liferay digital experience platform/7.4-update76
- version/liferay digital experience platform/7.4-update77
- version/liferay digital experience platform/7.4-update78
- version/liferay digital experience platform/7.4-update79
- version/liferay digital experience platform/7.4-update8
- version/liferay digital experience platform/7.4-update80
- version/liferay digital experience platform/7.4-update81
- version/liferay digital experience platform/7.4-update82
- version/liferay digital experience platform/7.4-update83
- version/liferay digital experience platform/7.4-update84
- version/liferay digital experience platform/7.4-update85
- version/liferay digital experience platform/7.4-update86
- version/liferay digital experience platform/7.4-update87
- version/liferay digital experience platform/7.4-update88
- version/liferay digital experience platform/7.4-update89
- version/liferay digital experience platform/7.4-update9
- version/liferay digital experience platform/7.4-update90
- version/liferay digital experience platform/7.4-update91
- version/liferay digital experience platform/7.4-update92
- version/liferay digital experience platform/2023.q3.0
- version/liferay digital experience platform/2023.q3.1
- version/liferay digital experience platform/2023.q3.2
- version/liferay digital experience platform/2023.q3.3
- version/liferay digital experience platform/2023.q3.4