CVE-2023-42498

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-42498
Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_key parameter.

9.6 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42498 Vendor Advisory
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42498 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:liferay:digital_experience_platform:7.4:update10:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update11:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update12:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update13:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update14:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update15:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update16:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update17:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update18:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update19:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update20:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update22:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update23:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update24:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update25:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update26:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update27:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update28:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update29:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update30:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update31:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update32:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update33:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update35:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update37:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update38:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update39:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update4:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update40:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update42:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update43:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update44:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update45:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update46:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update47:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update49:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update5:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update51:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update53:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update54:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update55:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update56:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update57:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update58:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update59:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update6:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update60:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update61:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update63:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update64:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update65:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update66:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update68:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update69:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update7:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update70:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update71:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update72:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update73:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update74:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update75:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update77:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update78:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update79:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update8:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update80:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update86:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update87:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update88:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update89:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update9:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update90:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update91:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:7.4:update92:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:2023.q3.0:*:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:2023.q3.1:*:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:2023.q3.2:*:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:2023.q3.3:*:*:*:*:*:*:*
cpe:2.3:a:liferay:digital_experience_platform:2023.q3.4:*:*:*:*:*:*:*
History

No history.

Information

Published : 2024-02-21 03:15

Updated : 2025-01-28 02:47

NVD link : CVE-2023-42498

Mitre link : CVE-2023-42498

CVE.ORG link : CVE-2023-42498

JSON object : View

Products Affected

liferay

  • digital_experience_platform
  • liferay_portal
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')