CVE-2023-44309

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Oct 17, 2023

Updated: Oct 24, 2023

CWE ID 79

Summary

CVE-2023-44309 is a stored cross-site scripting (XSS) vulnerability affecting Liferay Portal versions 7.4.2 through 7.4.3.53 and Liferay DXP before update 54. These vulnerabilities lie in the fragment components of these software. A remote attacker can exploit this issue by injecting arbitrary web scripts or HTML into any non-HTML field of a linked source asset. Successful exploitation could lead to data theft, unauthorized access, or other malicious activities. Users are urged to update their software to address this vulnerability promptly.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Liferay Portal

Affected Vendors

Liferay

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s0jSZy
https://www.cve.org/CVERecord?id=CVE-2023-44309
https://nvd.nist.gov/vuln/detail/CVE-2023-44309

Back to Vulnerability Database