First published: Tue Oct 17 2023(Updated: )
Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's "Name" text field.
Credit: security@liferay.com security@liferay.com
Affected Software | Affected Version | How to fix |
---|---|---|
Liferay Digital Experience Platform | =7.1-fix_pack_1 | |
Liferay Digital Experience Platform | =7.1-fix_pack_10 | |
Liferay Digital Experience Platform | =7.1-fix_pack_11 | |
Liferay Digital Experience Platform | =7.1-fix_pack_12 | |
Liferay Digital Experience Platform | =7.1-fix_pack_13 | |
Liferay Digital Experience Platform | =7.1-fix_pack_14 | |
Liferay Digital Experience Platform | =7.1-fix_pack_15 | |
Liferay Digital Experience Platform | =7.1-fix_pack_16 | |
Liferay Digital Experience Platform | =7.1-fix_pack_17 | |
Liferay Digital Experience Platform | =7.1-fix_pack_18 | |
Liferay Digital Experience Platform | =7.1-fix_pack_19 | |
Liferay Digital Experience Platform | =7.1-fix_pack_2 | |
Liferay Digital Experience Platform | =7.1-fix_pack_20 | |
Liferay Digital Experience Platform | =7.1-fix_pack_21 | |
Liferay Digital Experience Platform | =7.1-fix_pack_22 | |
Liferay Digital Experience Platform | =7.1-fix_pack_23 | |
Liferay Digital Experience Platform | =7.1-fix_pack_3 | |
Liferay Digital Experience Platform | =7.1-fix_pack_4 | |
Liferay Digital Experience Platform | =7.1-fix_pack_5 | |
Liferay Digital Experience Platform | =7.1-fix_pack_6 | |
Liferay Digital Experience Platform | =7.1-fix_pack_7 | |
Liferay Digital Experience Platform | =7.1-fix_pack_8 | |
Liferay Digital Experience Platform | =7.1-fix_pack_9 | |
Liferay Digital Experience Platform | =7.4 | |
Liferay Digital Experience Platform | =7.4-update1 | |
Liferay Digital Experience Platform | =7.4-update21 | |
Liferay Digital Experience Platform | =7.4-update34 | |
Liferay Digital Experience Platform | =7.4-update36 | |
Liferay Digital Experience Platform | =7.4-update41 | |
Liferay Digital Experience Platform | =7.4-update48 | |
Liferay Digital Experience Platform | =7.4-update50 | |
Liferay Digital Experience Platform | =7.4-update52 | |
Liferay Digital Experience Platform | =7.4-update62 | |
Liferay Digital Experience Platform | =7.4-update67 | |
Liferay Digital Experience Platform | =7.4-update76 | |
Liferay Liferay Portal | >=7.3.6<7.4.3.49 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-44310 is critical with a severity value of 9.
The vulnerability affects Liferay Portal versions 7.3.6 through 7.4.3.78 and Liferay DXP versions 7.3 fix pack 1 through update 23, and 7.4 before update 79.
The CWE of CVE-2023-44310 is 79.
Remote attackers can exploit the vulnerability by injecting a crafted payload into a page's "Name" text field, allowing them to inject arbitrary web script or HTML.
Yes, a fix is available for CVE-2023-44310. Please refer to the official reference for more details.