CVE-2023-42497
published 2023-10-17CVE-2023-42497: Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect` parameter.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| liferay | digital_experience_platform | — | — |
| liferay | dxp | 7.4.13 – 7.4.13.u85 | — |
| liferay | liferay_portal | >= 7.4.3.4 < 7.4.3.86 | 7.4.3.86 |
| liferay | portal | 7.4.3.4 – 7.4.3.85 | — |