CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-33937

Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form's `name` field.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.5%

CVSS Severity

CVSS v3 Score 5.4

References

Products affected by CVE-2023-33937

Liferay » Digital Experience Platform » Version: 7.1

cpe:2.3:a:liferay:digital_experience_platform:7.1
Liferay » Digital Experience Platform » Version: 7.2

cpe:2.3:a:liferay:digital_experience_platform:7.2
Liferay » Liferay Portal » Version: 7.1.0

cpe:2.3:a:liferay:liferay_portal:7.1.0
Liferay » Liferay Portal » Version: 7.1.1

cpe:2.3:a:liferay:liferay_portal:7.1.1
Liferay » Liferay Portal » Version: 7.1.2

cpe:2.3:a:liferay:liferay_portal:7.1.2
Liferay » Liferay Portal » Version: 7.1.3

cpe:2.3:a:liferay:liferay_portal:7.1.3
Liferay » Liferay Portal » Version: 7.2

cpe:2.3:a:liferay:liferay_portal:7.2
Liferay » Liferay Portal » Version: 7.2.0

cpe:2.3:a:liferay:liferay_portal:7.2.0
Liferay » Liferay Portal » Version: 7.2.1

cpe:2.3:a:liferay:liferay_portal:7.2.1
Liferay » Liferay Portal » Version: 7.3

cpe:2.3:a:liferay:liferay_portal:7.3
Liferay » Liferay Portal » Version: 7.3.0

cpe:2.3:a:liferay:liferay_portal:7.3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-33937

Products

Pricing

Contact Us