Critical severity · NVD Advisory · Published Oct 17, 2023 · Updated Sep 13, 2024
CVE-2023-44310
Description
Stored cross-site scripting (XSS) vulnerability in the Page Tree menu in Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79, allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a page's "Name" text field.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.liferay:com.liferay.layout.impl (Maven) | < 6.0.102 | 6.0.102 |
| com.liferay.portal:release.dxp.bom (Maven) | >= 7.3.10.fp1, <= 7.3.10.fp23 | — |
| com.liferay.portal:release.dxp.bom (Maven) | >= 7.4.0, < 7.4.13.u79 | 7.4.13.u79 |
Affected products (5)
- osv-coords (3 versions): pkg:bitnami/liferay, pkg:maven/com.liferay/com.liferay.layout.impl, pkg:maven/com.liferay.portal/release.dxp.bom
  >= 7.4.0, <= 7.4.0 (+ 2 more)
- (no CPE) range: >= 7.4.0, <= 7.4.0
- (no CPE) range: < 6.0.102
- (no CPE) range: >= 7.3.10.fp1, <= 7.3.10.fp23
References (6)
- github.com/advisories/GHSA-j5gv-w838-mmcx (ghsa, ADVISORY)
- liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44310 (mitre, vendor-advisory)
- nvd.nist.gov/vuln/detail/CVE-2023-44310 (ghsa, ADVISORY)
- github.com/liferay/liferay-portal/commit/45931175b6ae14df089f0304f86b5b0f66ac3c02 (ghsa, WEB)
- liferay.atlassian.net/browse/LPE-17725 (ghsa, WEB)
- liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44310 (ghsa, WEB)