Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect` parameter.
References
Link | Resource |
---|---|
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Liferay
Published: 2023-10-17T07:56:20.696Z
Updated: 2023-10-17T07:56:20.696Z
Reserved: 2023-09-11T08:54:24.312Z
Link: CVE-2023-42497
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-10-17T08:15:09.437
Modified: 2023-10-23T14:09:51.670
Link: CVE-2023-42497
JSON object: View
Redhat Information
No data.
CWE