What is the severity of CVE-2023-44310?

The severity of CVE-2023-44310 is critical with a severity value of 9.

How does the vulnerability CVE-2023-44310 affect Liferay Portal and Liferay DXP?

The vulnerability affects Liferay Portal versions 7.3.6 through 7.4.3.78 and Liferay DXP versions 7.3 fix pack 1 through update 23, and 7.4 before update 79.

What is the CWE of CVE-2023-44310?

The CWE of CVE-2023-44310 is 79.

How can remote attackers exploit the vulnerability CVE-2023-44310?

Remote attackers can exploit the vulnerability by injecting a crafted payload into a page's "Name" text field, allowing them to inject arbitrary web script or HTML.

Is there a fix available for CVE-2023-44310?

Yes, a fix is available for CVE-2023-44310. Please refer to the official reference for more details.

Vulnerability/
CVE-2023-44310

critical

CWE

17/10/2023

13/9/2024

CVE-2023-44310: XSS

First published: Tue Oct 17 2023(Updated: )

Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's "Name" text field.

Credit: security@liferay.com

Affected Software	Affected Version	How to fix
Liferay DXP	=7.1-fix_pack_1
Liferay DXP	=7.1-fix_pack_10
Liferay DXP	=7.1-fix_pack_11
Liferay DXP	=7.1-fix_pack_12
Liferay DXP	=7.1-fix_pack_13
Liferay DXP	=7.1-fix_pack_14
Liferay DXP	=7.1-fix_pack_15
Liferay DXP	=7.1-fix_pack_16
Liferay DXP	=7.1-fix_pack_17
Liferay DXP	=7.1-fix_pack_18
Liferay DXP	=7.1-fix_pack_19
Liferay DXP	=7.1-fix_pack_2
Liferay DXP	=7.1-fix_pack_20
Liferay DXP	=7.1-fix_pack_21
Liferay DXP	=7.1-fix_pack_22
Liferay DXP	=7.1-fix_pack_23
Liferay DXP	=7.1-fix_pack_3
Liferay DXP	=7.1-fix_pack_4
Liferay DXP	=7.1-fix_pack_5
Liferay DXP	=7.1-fix_pack_6
Liferay DXP	=7.1-fix_pack_7
Liferay DXP	=7.1-fix_pack_8
Liferay DXP	=7.1-fix_pack_9
Liferay DXP	=7.4
Liferay DXP	=7.4-update1
Liferay DXP	=7.4-update21
Liferay DXP	=7.4-update34
Liferay DXP	=7.4-update36
Liferay DXP	=7.4-update41
Liferay DXP	=7.4-update48
Liferay DXP	=7.4-update50
Liferay DXP	=7.4-update52
Liferay DXP	=7.4-update62
Liferay DXP	=7.4-update67
Liferay DXP	=7.4-update76
Liferay 7.4 GA	>=7.3.6<7.4.3.49

Never miss a vulnerability like this again

Reference Links

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44310

Frequently Asked Questions

What is the severity of CVE-2023-44310?
The severity of CVE-2023-44310 is critical with a severity value of 9.
How does the vulnerability CVE-2023-44310 affect Liferay Portal and Liferay DXP?
The vulnerability affects Liferay Portal versions 7.3.6 through 7.4.3.78 and Liferay DXP versions 7.3 fix pack 1 through update 23, and 7.4 before update 79.
What is the CWE of CVE-2023-44310?
The CWE of CVE-2023-44310 is 79.
How can remote attackers exploit the vulnerability CVE-2023-44310?
Remote attackers can exploit the vulnerability by injecting a crafted payload into a page's "Name" text field, allowing them to inject arbitrary web script or HTML.
Is there a fix available for CVE-2023-44310?
Yes, a fix is available for CVE-2023-44310. Please refer to the official reference for more details.

collector/nvd-index
agent/type
agent/severity
agent/weakness
agent/references
agent/description
agent/first-publish-date
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/author
agent/tags
agent/softwarecombine
collector/nvd-api
agent/software-canonical-lookup-request
vendor/liferay
canonical/liferay dxp
version/liferay dxp/7.1-fix_pack_1
version/liferay dxp/7.1-fix_pack_10
version/liferay dxp/7.1-fix_pack_11
version/liferay dxp/7.1-fix_pack_12
version/liferay dxp/7.1-fix_pack_13
version/liferay dxp/7.1-fix_pack_14
version/liferay dxp/7.1-fix_pack_15
version/liferay dxp/7.1-fix_pack_16
version/liferay dxp/7.1-fix_pack_17
version/liferay dxp/7.1-fix_pack_18
version/liferay dxp/7.1-fix_pack_19
version/liferay dxp/7.1-fix_pack_2
version/liferay dxp/7.1-fix_pack_20
version/liferay dxp/7.1-fix_pack_21
version/liferay dxp/7.1-fix_pack_22
version/liferay dxp/7.1-fix_pack_23
version/liferay dxp/7.1-fix_pack_3
version/liferay dxp/7.1-fix_pack_4
version/liferay dxp/7.1-fix_pack_5
version/liferay dxp/7.1-fix_pack_6
version/liferay dxp/7.1-fix_pack_7
version/liferay dxp/7.1-fix_pack_8
version/liferay dxp/7.1-fix_pack_9
version/liferay dxp/7.4
version/liferay dxp/7.4-update1
version/liferay dxp/7.4-update21
version/liferay dxp/7.4-update34
version/liferay dxp/7.4-update36
version/liferay dxp/7.4-update41
version/liferay dxp/7.4-update48
version/liferay dxp/7.4-update50
version/liferay dxp/7.4-update52
version/liferay dxp/7.4-update62
version/liferay dxp/7.4-update67
version/liferay dxp/7.4-update76
canonical/liferay 7.4 ga
version/liferay 7.4 ga/7.3.6