CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-47797

Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.9%

CVSS Severity

CVSS v3 Score 9.6

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47797
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47797

Products affected by CVE-2023-47797

Liferay » Liferay Portal » Version: 7.4.3.94

cpe:2.3:a:liferay:liferay_portal:7.4.3.94
Liferay » Liferay Portal » Version: 7.4.3.95

cpe:2.3:a:liferay:liferay_portal:7.4.3.95

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-47797

Products

Pricing

Contact Us