Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-33938

Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object's `Name` field.

Published

2023-05-24T14:15:09.550

Last Modified

2024-11-21T08:06:14.583

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.8 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-79
  • Type: Primary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application liferay digital_experience_platform 7.3 Yes
Application liferay digital_experience_platform 7.3 Yes
Application liferay digital_experience_platform 7.3 Yes
Application liferay liferay_portal ≤ 7.4.0 Yes
References