Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_key parameter.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HLiferay Digital Experience Platform
APPLiferay2023.q3.02023.q3.12023.q3.22023.q3.32023.q3.47.4Liferay Portal
APPLiferay7.4.3.8 – 7.4.3.98 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
Related vulnerabilities
CVE-2020-7961CRITICAL9.8⚠ KEVten sam produkt
Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute a...
CVE-2024-8980CRITICAL9.6PL ✓ten sam produkt
Liferay Portal/DXP: CSRF w Script Console umożliwia wykonanie kodu Groovy
CVE-2024-38002CRITICAL9.0PL ✓ten sam produkt
RCE w komponencie workflow Liferay Portal i DXP — brak weryfikacji uprawnień
CVE-2023-42496CRITICAL9.6PL ✓ten sam produkt
Reflected XSS w Liferay Portal i DXP na stronie przypisywania ról
CVE-2023-40191CRITICAL9.0PL ✓ten sam produkt
Reflected XSS w ustawieniach kont Liferay Portal i DXP