CVE-2023-42498
published 2024-02-21CVE-2023-42498: Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_key parameter.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| liferay | digital_experience_platform | — | — |
| liferay | digital_experience_platform | — | — |
| liferay | digital_experience_platform | — | — |
| liferay | digital_experience_platform | — | — |
| liferay | digital_experience_platform | — | — |
| liferay | digital_experience_platform | — | — |
| liferay | dxp | 2023.q3.1 – 2023.q3.4 | — |
| liferay | dxp | 7.4.13.u4 – 7.4.13.u92 | — |
| liferay | liferay_portal | >= 7.4.3.8 < 7.4.3.98 | 7.4.3.98 |
| liferay | portal | 7.4.3.8 – 7.4.3.97 | — |