cbcvebase.
CVE-2023-33937
published 2023-05-24

CVE-2023-33937: Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and…

medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's `name` field.

Affected

6 ranges
VendorProductVersion rangeFixed in
liferaydigital_experience_platform
liferaydigital_experience_platform
liferaydxp7.1.10 – 7.1.10-dxp-17
liferaydxp7.2.10 – 7.2.10-dxp-4
liferayliferay_portal7.1.0 – 7.3.0
liferayportal7.1.0 – 7.3.0