admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-443xx/CVE-2023-44311.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

184 lines
6.8 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-44311",
"sourceIdentifier": "security@liferay.com",
"published": "2023-10-17T10:15:09.947",
"lastModified": "2024-11-21T08:25:38.623",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.89, and Liferay DXP 7.4 update 41 through update 89 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter. This issue is caused by an incomplete fix in CVE-2023-33941."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de Cross-Site Scripting (XSS) reflejadas en el complemento para la clase OAuth2ProviderApplicationRedirect del m\u00f3dulo OAuth 2.0 en Liferay Portal v7.4.3.41 a 7.4.3.89 y Liferay DXP 7.4 actualizaci\u00f3n 41 a 89 permiten a atacantes remotos inyectar script web o HTML arbitrarios mediante el (1) c\u00f3digo o (2) el par\u00e1metro de error. Este problema se debe a una soluci\u00f3n incompleta en CVE-2023-33941."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@liferay.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@liferay.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*",
"matchCriteriaId": "2B256485-E289-4092-B45B-835DE12625B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*",
"matchCriteriaId": "67F50AF8-7B0E-4D01-9EB2-C6625E9DACB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:*",
"matchCriteriaId": "CCD1DEA0-8823-4780-B5EE-C1A2BB3C6B4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*",
"matchCriteriaId": "DC6FF5AB-B6E4-45D9-854B-29DEC200DA4D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:*",
"matchCriteriaId": "365F28B6-DBF2-45BB-A06D-DD80CFBAD7BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*",
"matchCriteriaId": "960F3F22-9CC8-4655-9B09-777E5A5A1239"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*",
"matchCriteriaId": "7E325115-EEBC-41F4-8606-45270DA40B98"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:*",
"matchCriteriaId": "294D8A56-A797-433C-A06E-106B2179151A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:*",
"matchCriteriaId": "824D88D9-4645-4CAD-8CAB-30F27DD388C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:*",
"matchCriteriaId": "F6E8C952-B455-46E4-AC3D-D38CAF189F60"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:*",
"matchCriteriaId": "CD77C0EE-AC79-4443-A502-C1E02F806911"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:*",
"matchCriteriaId": "648EB53C-7A90-4DA6-BF1C-B5336CDE30C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:digital_experience_platform:7.4:update86:*:*:*:*:*:*",
"matchCriteriaId": "39835EF7-8E93-4695-973D-6E9B76C67372"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.4.3.41",
"versionEndExcluding": "7.4.3.90",
"matchCriteriaId": "6204FB7B-6129-4E68-A811-6B51961C3D4A"
}
]
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44311",
"source": "security@liferay.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44311",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink