CVE-2023-33943

EPSS 0.14%
Veröffentlicht 24.05.2023 15:15:09
Zuletzt bearbeitet 30.01.2026 20:41:24
Quelle security@liferay.com
CVE-Watchlists
Login
Unerledigt
Login

Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's (1) First Name, (2) Middle Name, (3) Last Name, or (4) Job Title text field.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate21

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate22

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate23

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate24

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate25

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate26

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate27

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate28

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate29

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate30

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate31

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate32

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate33

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate34

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate35

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate36

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate37

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate38

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate39

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate40

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate41

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate42

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate43

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate44

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate45

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate46

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate47

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate48

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate49

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate50

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate51

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate52

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate53

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate54

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate55

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate56

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate57

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate58

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate59

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate60

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate61

Liferay ≫ Digital Experience Platform Version7.4 Updateupdate62

Liferay ≫ Liferay Portal Version >= 7.4.3.21 <= 7.4.3.62

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.35

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
security@liferay.com	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33943

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-33943

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-33943

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-33943

EUVD