CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-33938

Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object's `Name` field.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 27.9%

CVSS Severity

CVSS v3 Score 4.8

References

Products affected by CVE-2023-33938

Liferay » Digital Experience Platform » Version: 7.3

cpe:2.3:a:liferay:digital_experience_platform:7.3
Liferay » Liferay Portal » Version: 7.3.0

cpe:2.3:a:liferay:liferay_portal:7.3.0
Liferay » Liferay Portal » Version: 7.3.1

cpe:2.3:a:liferay:liferay_portal:7.3.1
Liferay » Liferay Portal » Version: 7.3.2

cpe:2.3:a:liferay:liferay_portal:7.3.2
Liferay » Liferay Portal » Version: 7.3.3

cpe:2.3:a:liferay:liferay_portal:7.3.3
Liferay » Liferay Portal » Version: 7.3.4

cpe:2.3:a:liferay:liferay_portal:7.3.4
Liferay » Liferay Portal » Version: 7.3.5

cpe:2.3:a:liferay:liferay_portal:7.3.5
Liferay » Liferay Portal » Version: 7.3.6

cpe:2.3:a:liferay:liferay_portal:7.3.6
Liferay » Liferay Portal » Version: 7.3.7

cpe:2.3:a:liferay:liferay_portal:7.3.7
Liferay » Liferay Portal » Version: 7.4.0

cpe:2.3:a:liferay:liferay_portal:7.4.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-33938

Products

Pricing

Contact Us