Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect` parameter.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: Liferay
Published:
Updated: 2024-09-13T16:32:16.701Z
Reserved: 2023-09-11T08:54:24.312Z
Link: CVE-2023-42497

Updated: 2024-08-02T19:23:38.911Z

Status : Modified
Published: 2023-10-17T08:15:09.437
Modified: 2024-11-21T08:22:40.480
Link: CVE-2023-42497

No data.

No data.