CVE-2023-42628

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Oct 17, 2023

Updated: Dec 28, 2023

CWE ID 79

Summary

CVE-2023-42628 is a stored cross-site scripting (XSS) vulnerability affecting various versions of Liferay Portal and DXP. This issue, located in the Wiki widget, allows remote attackers to inject malicious web scripts or HTML into a parent wiki page by manipulating a crafted payload in the 'Content' field of a wiki page. Successful exploitation could lead to unauthorized access, data theft, or site defacement. Users are advised to update their Liferay installations as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Liferay Portal

Affected Vendors

Liferay

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sqS7P-
https://www.cve.org/CVERecord?id=CVE-2023-42628
https://nvd.nist.gov/vuln/detail/CVE-2023-42628

Back to Vulnerability Database