Critical severity · NVD Advisory · Published Oct 17, 2023 · Updated Sep 13, 2024
CVE-2023-44310
Description
Stored cross-site scripting (XSS) vulnerability in the Page Tree menu in Liferay Portal 7.3.6 through 7.4.3.78, Liferay DXP 7.3 fix pack 1 through update 23, and Liferay DXP 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a page's "Name" text field.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.liferay:com.liferay.layout.impl (Maven) | < 6.0.102 | 6.0.102 |
| com.liferay.portal:release.dxp.bom (Maven) | >= 7.3.10.fp1, <= 7.3.10.fp23 | — |
| com.liferay.portal:release.dxp.bom (Maven) | >= 7.4.0, < 7.4.13.u79 | 7.4.13.u79 |
Affected products
- Liferay/DXP v5 (range: 7.3.10.sp1)
Patches
- 45931175b6ae LPS-178476 Adds title attribute to the json object
1 file changed · +14 −14
modules/apps/layout/layout-impl/src/main/java/com/liferay/layout/internal/util/LayoutsTreeImpl.java+14 −14 modified@@ -345,6 +345,17 @@ private JSONObject _toJSONObject( boolean finalHasUpdatePermission = hasUpdatePermission; + String layoutName = layout.getName(themeDisplay.getLocale()); + + if (includeActions && (_getDraftLayout(layout) != null) && + (finalHasUpdatePermission || !layout.isPublished() || + _layoutContentModelResourcePermission.contains( + themeDisplay.getPermissionChecker(), layout.getPlid(), + ActionKeys.UPDATE))) { + + layoutName += StringPool.STAR; + } + JSONObject jsonObject = JSONUtil.put( "actions", () -> { @@ -389,20 +400,7 @@ private JSONObject _toJSONObject( ).put( "layoutId", layout.getLayoutId() ).put( - "name", - () -> { - if (includeActions && (_getDraftLayout(layout) != null) && - (finalHasUpdatePermission || !layout.isPublished() || - _layoutContentModelResourcePermission.contains( - themeDisplay.getPermissionChecker(), layout.getPlid(), - ActionKeys.UPDATE))) { - - return layout.getName(themeDisplay.getLocale()) + - StringPool.STAR; - } - - return layout.getName(themeDisplay.getLocale()); - } + "name", layoutName ).put( "paginated", () -> { @@ -443,6 +441,8 @@ private JSONObject _toJSONObject( return StringPool.BLANK; } + ).put( + "title", HtmlUtil.escapeAttribute(layoutName) ).put( "type", layout.getType() );
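Review bot: in the first hunk (@@ -345,6 +345,17 @@), `layoutName` is now built eagerly at the top of `_toJSONObject` instead of inside the `"name"` supplier, so `layout.getName(...)` and the draft-layout permission check run on every call even when the consumer never reads the value; that is acceptable because the same string now feeds both `"name"` and the new `"title"` key, but a one-line comment saying the value is deliberately shared would stop a later refactor from re-inlining it into only one of the two lambdas.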
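Review bot: the second hunk (@@ -389,20 +400,7 @@) swaps the `"name"` supplier for the hoisted `layoutName` but still emits `"name"` unescaped, while only the added `"title"` goes through `HtmlUtil.escapeAttribute`; since this commit changes one file and contains no change to the client that renders the tree, the commit message or a comment next to the `"name"` key should state that consumers must bind `"title"`, not `"name"`, into HTML attributes, otherwise the unescaped value can still reach an attribute context.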
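Review bot: in the third hunk (@@ -443,6 +441,8 @@), `HtmlUtil.escapeAttribute(layoutName)` pre-escapes on the server for an attribute sink; if the front end sets the value through a DOM property or a framework binding that escapes on its own (for example `element.title = ...` or a JSX `title={...}`), `&`, `<`, `>` and quotes will render double-escaped (`&amp;lt;` visible to the user). Confirm that the consumer writes `"title"` raw into markup and add a comment on the key naming the intended sink.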
References
- github.com/advisories/GHSA-j5gv-w838-mmcx (GHSA; advisory)
- liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44310 (MITRE, GHSA; vendor advisory)
- nvd.nist.gov/vuln/detail/CVE-2023-44310 (GHSA; advisory)
- github.com/liferay/liferay-portal/commit/45931175b6ae14df089f0304f86b5b0f66ac3c02 (GHSA; web)
- liferay.atlassian.net/browse/LPE-17725 (GHSA; web)