CVE-2023-3193
Description
Cross-site scripting (XSS) vulnerability in the Layout modules SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL parameter.
Risk Information
Base Score
6.1
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.223
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2023-3193 are fixed in Liferay - release.portal.bom 7.4.3.74 | Windows |
| Vulnerabilities CVE-2023-3193 are affected in Liferay - release.dxp.bom 7.4.13 | Windows |
| Vulnerabilities CVE-2023-3193 are fixed in Liferay - release.portal.bom for Linux 7.4.3.74 | Linux |
| Vulnerabilities CVE-2023-3193 are affected in Liferay - release.dxp.bom for Linux 7.4.13 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234