Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Liferay
Published: 2023-05-24T14:36:07.977Z
Updated: 2024-08-02T15:54:13.782Z
Reserved: 2023-05-24T02:36:00.163Z
Link: CVE-2023-33941
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-05-24T15:15:09.697
Modified: 2023-05-31T19:11:50.610
Link: CVE-2023-33941
Redhat
No data.