admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-47795.md

20 lines
1.1 KiB
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2023-47795](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47795)
![](https://img.shields.io/static/v1?label=Product&message=DXP&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Portal&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=2023.q3.1%3C%3D%202023.q3.5%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=7.4.3.18%3C%3D%207.4.3.101%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Improper%20Neutralization%20of%20Input%20During%20Web%20Page%20Generation%20('Cross-site%20Scripting')&color=brighgreen)
### Description
Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a document's “Title” text field.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
Reference in New Issue Copy Permalink