Description
Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter. This issue is caused by an incomplete fix in CVE-2023-33941.
No analysis available yet.
Remediation
No remediation available yet.
Advisories
| Source | ID | Title |
|---|---|---|
| EUVD | EUVD-2023-48667 | Liferay Portal and Liferay DXP Vulnerable to XSS via the OAuth2ProviderApplicationRedirect Class |
| Github GHSA | GHSA-49gm-5685-8fxv | Liferay Portal and Liferay DXP Vulnerable to XSS via the OAuth2ProviderApplicationRedirect Class |
References
History
No history.
Status: PUBLISHED
Assigner: Liferay
Published:
Updated: 2024-09-13T16:28:45.098Z
Reserved: 2023-09-28T11:23:54.829Z
Link: CVE-2023-44311
Updated: 2024-08-02T19:59:51.988Z
Status : Modified
Published: 2023-10-17T10:15:09.947
Modified: 2026-06-17T06:27:20.907
Link: CVE-2023-44311
Weaknesses
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')