CVE-2023-37940

Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
LiferayCNA
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
liferayliferay_portal
7.0.0 ≤
𝑥
< 7.4.3.88
liferaydigital_experience_platform
7.0 ≤
𝑥
< 7.3
liferaydigital_experience_platform
7.3
liferaydigital_experience_platform
7.3:fix_pack_1
liferaydigital_experience_platform
7.3:fix_pack_2
liferaydigital_experience_platform
7.3:service_pack_1
liferaydigital_experience_platform
7.3:service_pack_3
liferaydigital_experience_platform
7.3:update10
liferaydigital_experience_platform
7.3:update11
liferaydigital_experience_platform
7.3:update12
liferaydigital_experience_platform
7.3:update13
liferaydigital_experience_platform
7.3:update14
liferaydigital_experience_platform
7.3:update15
liferaydigital_experience_platform
7.3:update16
liferaydigital_experience_platform
7.3:update17
liferaydigital_experience_platform
7.3:update18
liferaydigital_experience_platform
7.3:update19
liferaydigital_experience_platform
7.3:update20
liferaydigital_experience_platform
7.3:update21
liferaydigital_experience_platform
7.3:update22
liferaydigital_experience_platform
7.3:update23
liferaydigital_experience_platform
7.3:update24
liferaydigital_experience_platform
7.3:update25
liferaydigital_experience_platform
7.3:update26
liferaydigital_experience_platform
7.3:update27
liferaydigital_experience_platform
7.3:update28
liferaydigital_experience_platform
7.3:update29
liferaydigital_experience_platform
7.3:update4
liferaydigital_experience_platform
7.3:update5
liferaydigital_experience_platform
7.3:update6
liferaydigital_experience_platform
7.3:update7
liferaydigital_experience_platform
7.3:update8
liferaydigital_experience_platform
7.3:update9
liferaydigital_experience_platform
7.4
liferaydigital_experience_platform
7.4:update1
liferaydigital_experience_platform
7.4:update10
liferaydigital_experience_platform
7.4:update11
liferaydigital_experience_platform
7.4:update12
liferaydigital_experience_platform
7.4:update13
liferaydigital_experience_platform
7.4:update14
liferaydigital_experience_platform
7.4:update15
liferaydigital_experience_platform
7.4:update16
liferaydigital_experience_platform
7.4:update17
liferaydigital_experience_platform
7.4:update18
liferaydigital_experience_platform
7.4:update19
liferaydigital_experience_platform
7.4:update2
liferaydigital_experience_platform
7.4:update20
liferaydigital_experience_platform
7.4:update21
liferaydigital_experience_platform
7.4:update22
liferaydigital_experience_platform
7.4:update23
liferaydigital_experience_platform
7.4:update24
liferaydigital_experience_platform
7.4:update25
liferaydigital_experience_platform
7.4:update26
liferaydigital_experience_platform
7.4:update27
liferaydigital_experience_platform
7.4:update28
liferaydigital_experience_platform
7.4:update29
liferaydigital_experience_platform
7.4:update3
liferaydigital_experience_platform
7.4:update30
liferaydigital_experience_platform
7.4:update31
liferaydigital_experience_platform
7.4:update32
liferaydigital_experience_platform
7.4:update33
liferaydigital_experience_platform
7.4:update34
liferaydigital_experience_platform
7.4:update35
liferaydigital_experience_platform
7.4:update36
liferaydigital_experience_platform
7.4:update37
liferaydigital_experience_platform
7.4:update38
liferaydigital_experience_platform
7.4:update39
liferaydigital_experience_platform
7.4:update4
liferaydigital_experience_platform
7.4:update40
liferaydigital_experience_platform
7.4:update41
liferaydigital_experience_platform
7.4:update42
liferaydigital_experience_platform
7.4:update43
liferaydigital_experience_platform
7.4:update44
liferaydigital_experience_platform
7.4:update45
liferaydigital_experience_platform
7.4:update46
liferaydigital_experience_platform
7.4:update47
liferaydigital_experience_platform
7.4:update48
liferaydigital_experience_platform
7.4:update49
liferaydigital_experience_platform
7.4:update5
liferaydigital_experience_platform
7.4:update50
liferaydigital_experience_platform
7.4:update51
liferaydigital_experience_platform
7.4:update52
liferaydigital_experience_platform
7.4:update53
liferaydigital_experience_platform
7.4:update54
liferaydigital_experience_platform
7.4:update55
liferaydigital_experience_platform
7.4:update56
liferaydigital_experience_platform
7.4:update57
liferaydigital_experience_platform
7.4:update58
liferaydigital_experience_platform
7.4:update59
liferaydigital_experience_platform
7.4:update6
liferaydigital_experience_platform
7.4:update60
liferaydigital_experience_platform
7.4:update61
liferaydigital_experience_platform
7.4:update62
liferaydigital_experience_platform
7.4:update63
liferaydigital_experience_platform
7.4:update64
liferaydigital_experience_platform
7.4:update65
liferaydigital_experience_platform
7.4:update66
liferaydigital_experience_platform
7.4:update67
liferaydigital_experience_platform
7.4:update68
liferaydigital_experience_platform
7.4:update69
liferaydigital_experience_platform
7.4:update7
liferaydigital_experience_platform
7.4:update70
liferaydigital_experience_platform
7.4:update71
liferaydigital_experience_platform
7.4:update72
liferaydigital_experience_platform
7.4:update73
liferaydigital_experience_platform
7.4:update74
liferaydigital_experience_platform
7.4:update75
liferaydigital_experience_platform
7.4:update76
liferaydigital_experience_platform
7.4:update77
liferaydigital_experience_platform
7.4:update78
liferaydigital_experience_platform
7.4:update79
liferaydigital_experience_platform
7.4:update8
liferaydigital_experience_platform
7.4:update80
liferaydigital_experience_platform
7.4:update81
liferaydigital_experience_platform
7.4:update82
liferaydigital_experience_platform
7.4:update83
liferaydigital_experience_platform
7.4:update84
liferaydigital_experience_platform
7.4:update85
liferaydigital_experience_platform
7.4:update86
liferaydigital_experience_platform
7.4:update87
liferaydigital_experience_platform
7.4:update9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2023-37940