What is CVE-2023-42629?

CVE-2023-42629 is a stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88.

How does CVE-2023-42629 affect Liferay Portal?

CVE-2023-42629 allows remote attackers to inject arbitrary web script or HTML into a Vocabulary's 'description' text field.

What is the severity of CVE-2023-42629?

CVE-2023-42629 has a severity rating of critical.

Which versions of Liferay Portal are affected by CVE-2023-42629?

CVE-2023-42629 affects Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88.

Is there a fix available for CVE-2023-42629?

Yes, a fix is available for CVE-2023-42629. Update Liferay Portal to version 7.4.3.88 or apply the recommended security patch.

Vulnerability/
CVE-2023-42629

critical

CWE

17/10/2023

2/8/2024

CVE-2023-42629: XSS

First published: Tue Oct 17 2023(Updated: )

Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Vocabulary's 'description' text field.

Credit: security@liferay.com security@liferay.com

Affected Software	Affected Version	How to fix
	=7.4
	=7.4-update1
	=7.4-update21
	=7.4-update34
	=7.4-update36
	=7.4-update41
	=7.4-update48
	=7.4-update50
	=7.4-update52
	=7.4-update62
	=7.4-update67
	=7.4-update76
	=7.4-update81
	=7.4-update82
	=7.4-update83
	=7.4-update84
	=7.4-update85
	=7.4-update86
	>=7.4.2<7.4.3.88

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-42629?
CVE-2023-42629 is a stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88.
How does CVE-2023-42629 affect Liferay Portal?
CVE-2023-42629 allows remote attackers to inject arbitrary web script or HTML into a Vocabulary's 'description' text field.
What is the severity of CVE-2023-42629?
CVE-2023-42629 has a severity rating of critical.
Which versions of Liferay Portal are affected by CVE-2023-42629?
CVE-2023-42629 affects Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88.
Is there a fix available for CVE-2023-42629?
Yes, a fix is available for CVE-2023-42629. Update Liferay Portal to version 7.4.3.88 or apply the recommended security patch.

collector/nvd-index
agent/references
agent/type
agent/last-modified-date
agent/first-publish-date
agent/author
agent/softwarecombine
agent/severity
agent/weakness
agent/description
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/tags
collector/mitre-cve
source/MITRE
vendor/liferay
canonical/liferay digital experience platform
version/liferay digital experience platform/7.4
version/liferay digital experience platform/7.4-update1
version/liferay digital experience platform/7.4-update21
version/liferay digital experience platform/7.4-update34
version/liferay digital experience platform/7.4-update36
version/liferay digital experience platform/7.4-update41
version/liferay digital experience platform/7.4-update48
version/liferay digital experience platform/7.4-update50
version/liferay digital experience platform/7.4-update52
version/liferay digital experience platform/7.4-update62
version/liferay digital experience platform/7.4-update67
version/liferay digital experience platform/7.4-update76
version/liferay digital experience platform/7.4-update81
version/liferay digital experience platform/7.4-update82
version/liferay digital experience platform/7.4-update83
version/liferay digital experience platform/7.4-update84
version/liferay digital experience platform/7.4-update85
version/liferay digital experience platform/7.4-update86
canonical/liferay liferay portal
version/liferay liferay portal/7.4.2