6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-33941

GHSA ID

GHSA-mvfv-w3fq-xp67

EPSS Score

0.48428%

CWE

CWE-79

Published

5/24/2023

Updated

11/6/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-33941

CVE-2023-33941: Cross-site scripting in Liferay Portal

Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52, and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code, or (2) error parameter.

(GitHub Advisory)

6.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-33941

GHSA ID

GHSA-mvfv-w3fq-xp67

EPSS Score

0.48428%

CWE

CWE-79

Published

5/24/2023

Updated

11/6/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
com.liferay.portal:release.portal.bom	maven	>= 7.4.3.41, < 7.4.3.53	7.4.3.53

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

Multipl* *ross-sit* s*riptin* (XSS) vuln*r**iliti*s in t** Plu*in *or O*ut* *.* mo*ul*'s O*ut**Provi**r*ppli**tionR**ir**t *l*ss in Li**r*y Port*l *.*.*.** t*rou** *.*.*.**, *n* Li**r*y *XP *.* up**t* ** t*rou** ** *llow r*mot* *tt**k*rs to inj**t *r

Reasoning

No *n*lysis *v*il**l*

6.1

Basic Information

Concerned about an active attack path?

CVE-2023-33941: Cross-site scripting in Liferay Portal

6.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI