Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-33941

Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.

Published

2023-05-24T15:15:09.697

Last Modified

2024-11-21T08:06:15.363

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-79
  • Type: Primary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application liferay digital_experience_platform 7.4 Yes
Application liferay digital_experience_platform 7.4 Yes
Application liferay liferay_portal ≤ 7.4.3.52 Yes
References