admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-477xx/CVE-2023-47795.json
cad-safe-bot 117e7d7ec1 Auto-Update: 2024-02-22T21:00:30.119467+00:00
2024-02-22 21:00:33 +00:00

59 lines
2.1 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-47795",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-21T14:15:45.677",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a document's \u201cTitle\u201d text field."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) Almacenado en el widget Documentos y Medios en Liferay Portal 7.4.3.18 a 7.4.3.101, y Liferay DXP 2023.Q3 antes del parche 6, y 7.4 actualizaciones 18 a 92 permite a usuarios remotos autenticados inyectar script web o HTML arbitrario a trav\u00e9s de un payload manipulado inyectado en el campo de texto \"T\u00edtulo\" de un documento."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@liferay.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@liferay.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47795",
"source": "security@liferay.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink