CVE-2020-7934 - OpenCVE

In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results). This issue was fixed in Liferay Portal CE version 7.3.0 GA1.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Liferay	Liferay Portal

Configuration 1 [-]

cpe:2.3:a:liferay:liferay_portal:*:*:*:*:community:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/160168/LifeRay-7.2.1-GA2-Cross-Site-Scripting.html
https://github.com/3ndG4me/liferay-xss-7.2.1GA2-poc-report-CVE-2020-7934
https://semanticbits.com/liferay-portal-authenticated-xss-disclosure/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-28T13:03:44

Updated: 2024-08-04T09:48:24.506Z

Reserved: 2020-01-23T00:00:00

Link: CVE-2020-7934

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-01-28T14:15:14.943

Modified: 2020-11-23T18:15:11.063

Link: CVE-2020-7934

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results). This issue was fixed in Liferay Portal CE version 7.3.0 GA1."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-23T17:06:26", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://semanticbits.com/liferay-portal-authenticated-xss-disclosure/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/3ndG4me/liferay-xss-7.2.1GA2-poc-report-CVE-2020-7934"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/160168/LifeRay-7.2.1-GA2-Cross-Site-Scripting.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-7934", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results). This issue was fixed in Liferay Portal CE version 7.3.0 GA1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://semanticbits.com/liferay-portal-authenticated-xss-disclosure/", "refsource": "MISC", "url": "https://semanticbits.com/liferay-portal-authenticated-xss-disclosure/"}, {"name": "https://github.com/3ndG4me/liferay-xss-7.2.1GA2-poc-report-CVE-2020-7934", "refsource": "MISC", "url": "https://github.com/3ndG4me/liferay-xss-7.2.1GA2-poc-report-CVE-2020-7934"}, {"name": "http://packetstormsecurity.com/files/160168/LifeRay-7.2.1-GA2-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/160168/LifeRay-7.2.1-GA2-Cross-Site-Scripting.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:48:24.506Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://semanticbits.com/liferay-portal-authenticated-xss-disclosure/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/3ndG4me/liferay-xss-7.2.1GA2-poc-report-CVE-2020-7934"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/160168/LifeRay-7.2.1-GA2-Cross-Site-Scripting.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-7934", "datePublished": "2020-01-28T13:03:44", "dateReserved": "2020-01-23T00:00:00", "dateUpdated": "2024-08-04T09:48:24.506Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:community:*:*:*", "matchCriteriaId": "6F3ED980-C91C-4A2F-944D-207C6C78981C", "versionEndIncluding": "7.2.1", "versionStartIncluding": "7.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results). This issue was fixed in Liferay Portal CE version 7.3.0 GA1."}, {"lang": "es", "value": "En LifeRay Portal CE versiones 7.1.0 hasta 7.2.1 GA2, los campos First Name, Middle Name, y Last Name para las cuentas de usuario en MyAccountPortlet son vulnerables a un problema de tipo XSS persistente. Cualquier usuario puede modificar estos campos con una carga \u00fatil XSS particular, y ser\u00e1 almacenada en la base de datos. La carga \u00fatil entonces ser\u00e1 renderizada cuando un usuario utilice la funcionalidad search para buscar a otros usuarios (es decir, si se presenta un usuario con campos modificados en los resultados de la b\u00fasqueda). Este problema fue corregido en el Portal Liferay CE versi\u00f3n 7.3.0 GA1"}], "id": "CVE-2020-7934", "lastModified": "2020-11-23T18:15:11.063", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-28T14:15:14.943", "references": [{"source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/160168/LifeRay-7.2.1-GA2-Cross-Site-Scripting.html"}, {"source": "cve@mitre.org", "url": "https://github.com/3ndG4me/liferay-xss-7.2.1GA2-poc-report-CVE-2020-7934"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://semanticbits.com/liferay-portal-authenticated-xss-disclosure/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}