Security Listings

Liferay DXP 7.4 Liferay Portal 7.4

9.6

CVE-2023-44311 Reflected XSS with 'code' and 'error' in OAuth2ProviderApplicationRedirect

Description

Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal and Liferay DXP allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter. This issue is caused by an incomplete fix in CVE-2023-33941.

Severity

9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)

Affected Version(s)

Liferay DXP 7.4 update 41 through update 89
Liferay Portal 7.4.3.41 through 7.4.3.89

Fixed Version(s)

Liferay DXP 7.4 update 90
Liferay Portal 7.4.3.90

CVE-2023-44311

Publication Date:

lokakuuta 17, 2023

Found a Bug?

If you have found, or think you have found a bug, help us to help you by letting us know!

Learn How >

Found a Security Vulnerability?

There's a different process available if you have a security issue to report...

Learn How >

Hall of Fame!

Raise your profile - report security vulnerabilities and enter the Hall of Fame!

Learn How >

Community

Company

Feedback