Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Liferay
Published: 2023-05-24T13:41:22.321Z
Updated: 2024-08-02T15:54:13.948Z
Reserved: 2023-05-24T02:36:00.163Z
Link: CVE-2023-33939
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-05-24T14:15:09.623
Modified: 2023-05-31T20:35:06.760
Link: CVE-2023-33939
Redhat
No data.