First published: Tue Oct 17 2023
Multiple stored cross-site scripting (XSS) vulnerabilities in the fragment components in Liferay Portal 7.4.2 through 7.4.3.53, and Liferay DXP 7.4 before update 54 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into any non-HTML field of a linked source asset.
Credit: security@liferay.com
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay Digital Experience Platform | =7.4 | |
Liferay Digital Experience Platform | =7.4-update1 | |
Liferay Digital Experience Platform | =7.4-update21 | |
Liferay Digital Experience Platform | =7.4-update34 | |
Liferay Digital Experience Platform | =7.4-update36 | |
Liferay Digital Experience Platform | =7.4-update41 | |
Liferay Digital Experience Platform | =7.4-update48 | |
Liferay Digital Experience Platform | =7.4-update50 | |
Liferay Digital Experience Platform | =7.4-update52 | |
Liferay Portal | >=7.4.2 <7.4.3.53 | |
CVE-2023-44309 is a vulnerability that allows remote attackers to inject arbitrary web script or HTML via a crafted payload in Liferay Portal and Liferay DXP versions 7.4.2 through 7.4.3.53.
CVE-2023-44309 has a severity rating of critical.
Liferay Portal versions 7.4.2 through 7.4.3.53, and Liferay DXP versions 7.4 before update 54 are affected by CVE-2023-44309.
The CWE number for CVE-2023-44309 is 79.
You can find more information about CVE-2023-44309 at the following link: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44309