CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-3193

Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_layout_admin_web_portlet_GroupPagesPortlet_backURL` parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 34.4%

CVSS Severity

CVSS v3 Score 6.1

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-3193
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-3193

Products affected by CVE-2023-3193

Liferay » Dxp » Version: 7.4

cpe:2.3:a:liferay:dxp:7.4
Liferay » Liferay Portal » Version: 7.4.3.70

cpe:2.3:a:liferay:liferay_portal:7.4.3.70
Liferay » Liferay Portal » Version: 7.4.3.71

cpe:2.3:a:liferay:liferay_portal:7.4.3.71
Liferay » Liferay Portal » Version: 7.4.3.72

cpe:2.3:a:liferay:liferay_portal:7.4.3.72
Liferay » Liferay Portal » Version: 7.4.3.73

cpe:2.3:a:liferay:liferay_portal:7.4.3.73

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-3193

Products

Pricing

Contact Us