Vulnerability Database

289,784

Total vulnerabilities in the database

CVE-2023-33939

Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label.

CVSS v3:

  • Severity: Medium
  • Score: 5.4
  • AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
com.liferay.portal / release.portal.bom 7.1.0 7.4.3.13
liferay / digital_experience_platform 7.2 7.2.x
liferay / digital_experience_platform 7.2-fix_pack_1 7.2-fix_pack_1.x
liferay / digital_experience_platform 7.2-fix_pack_2 7.2-fix_pack_2.x
liferay / digital_experience_platform 7.2-fix_pack_3 7.2-fix_pack_3.x
liferay / digital_experience_platform 7.2-fix_pack_5 7.2-fix_pack_5.x
liferay / digital_experience_platform 7.2-fix_pack_4 7.2-fix_pack_4.x
liferay / digital_experience_platform 7.1-fix_pack_6 7.1-fix_pack_6.x
liferay / digital_experience_platform 7.1-fix_pack_9 7.1-fix_pack_9.x
liferay / digital_experience_platform 7.1-fix_pack_10 7.1-fix_pack_10.x
liferay / digital_experience_platform 7.1-fix_pack_11 7.1-fix_pack_11.x
liferay / digital_experience_platform 7.1-fix_pack_12 7.1-fix_pack_12.x
liferay / digital_experience_platform 7.1-fix_pack_13 7.1-fix_pack_13.x
liferay / digital_experience_platform 7.1-fix_pack_14 7.1-fix_pack_14.x
liferay / digital_experience_platform 7.1-fix_pack_15 7.1-fix_pack_15.x
liferay / digital_experience_platform 7.1-fix_pack_16 7.1-fix_pack_16.x
liferay / digital_experience_platform 7.1-fix_pack_17 7.1-fix_pack_17.x
liferay / digital_experience_platform 7.1-fix_pack_4 7.1-fix_pack_4.x
liferay / digital_experience_platform 7.1 7.1.x
liferay / digital_experience_platform 7.1-fix_pack_1 7.1-fix_pack_1.x
liferay / digital_experience_platform 7.1-fix_pack_2 7.1-fix_pack_2.x
liferay / digital_experience_platform 7.1-fix_pack_3 7.1-fix_pack_3.x
liferay / digital_experience_platform 7.1-fix_pack_5 7.1-fix_pack_5.x
liferay / digital_experience_platform 7.1-fix_pack_7 7.1-fix_pack_7.x
liferay / digital_experience_platform 7.1-fix_pack_8 7.1-fix_pack_8.x
liferay / digital_experience_platform 7.1-fix_pack_19 7.1-fix_pack_19.x
liferay / digital_experience_platform 7.1-fix_pack_18 7.1-fix_pack_18.x
liferay / digital_experience_platform 7.2-fix_pack_6 7.2-fix_pack_6.x
liferay / digital_experience_platform 7.2-fix_pack_7 7.2-fix_pack_7.x
liferay / digital_experience_platform 7.2-fix_pack_8 7.2-fix_pack_8.x
liferay / digital_experience_platform 7.2-fix_pack_9 7.2-fix_pack_9.x
liferay / digital_experience_platform 7.3-fix_pack_1 7.3-fix_pack_1.x
liferay / digital_experience_platform 7.3 7.3.x
liferay / digital_experience_platform 7.2-fix_pack_11 7.2-fix_pack_11.x
liferay / digital_experience_platform 7.2-fix_pack_12 7.2-fix_pack_12.x
liferay / digital_experience_platform 7.2-fix_pack_13 7.2-fix_pack_13.x
liferay / digital_experience_platform 7.2-fix_pack_14 7.2-fix_pack_14.x
liferay / digital_experience_platform 7.2-fix_pack_15 7.2-fix_pack_15.x
liferay / digital_experience_platform 7.2-fix_pack_16 7.2-fix_pack_16.x
liferay / digital_experience_platform 7.1-fix_pack_20 7.1-fix_pack_20.x
liferay / digital_experience_platform 7.1-fix_pack_21 7.1-fix_pack_21.x
liferay / digital_experience_platform 7.1-fix_pack_22 7.1-fix_pack_22.x
liferay / digital_experience_platform 7.1-fix_pack_23 7.1-fix_pack_23.x
liferay / digital_experience_platform 7.2-fix_pack_10 7.2-fix_pack_10.x
liferay / digital_experience_platform 7.3-fix_pack_2 7.3-fix_pack_2.x
liferay / digital_experience_platform 7.4-update1 7.4-update1.x
liferay / digital_experience_platform 7.4 7.4.x
liferay / digital_experience_platform 7.1-fix_pack_24 7.1-fix_pack_24.x
liferay / digital_experience_platform 7.1-fix_pack_25 7.1-fix_pack_25.x
liferay / digital_experience_platform 7.1-fix_pack_26 7.1-fix_pack_26.x
liferay / liferay_portal 7.1.0 7.4.3.12.x