CVE-2023-47797 CRITICAL

CVE-2023-47797

Vendor Liferay

Product Portal

Weakness CWE-79 · XSS

Published November 17, 2023

Last update August 29, 2024

View on NVD All CVEs

CVSS base score

9.6/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter.

Key dates

02Disclosure timeline

November 17, 2023 CVE published

August 29, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-47797

Related vulnerabilities

04Related CVE

CVE-2023-43710 Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) CVE-2024-2940 Campcodes Online Examination System updateCourse.php cross site scripting CVE-2025-0458 Virtual Computer Vysual RH Solution Login Panel index.php cross site scripting CVE-2026-29183 SiYuan: Unauthenticated reflected SVG XSS in `/api/icon/getDynamicIcon` (`type=8`) enables arbitrary JavaScript execution CVE-2026-44737 grav-plugin-admin: Stored Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][title]