Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's "Name" text field.
References
Link | Resource |
---|---|
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44310 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Liferay
Published: 2023-10-17T09:28:17.244Z
Updated: 2023-10-17T09:28:17.244Z
Reserved: 2023-09-28T11:23:54.829Z
Link: CVE-2023-44310
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-10-17T10:15:09.793
Modified: 2023-10-24T17:47:18.317
Link: CVE-2023-44310
JSON object: View
Redhat Information
No data.
CWE