Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 through 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's `URL` text field.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Liferay
Published: 2023-05-24T15:07:14.026Z
Updated: 2024-08-02T15:54:13.400Z
Reserved: 2023-05-24T02:36:00.164Z
Link: CVE-2023-33944
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-05-24T16:15:09.693
Modified: 2023-06-01T12:37:28.847
Link: CVE-2023-33944
Redhat
No data.