{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2023-082.pdf"
    },
    "title": "Multiple Vulnerabilities in LifeRay products",
    "serial_number": "2023-082",
    "publish_date": "27-10-2023 21:03:37",
    "description": "This security advisory addresses multiple vulnerabilities in Liferay Portal and Liferay DXP related to cross-site scripting (XSS) attacks. Users are urged to update their installations to the latest versions as provided in the \"Recommendations\" section.<br>\n",
    "url_title": "2023-082",
    "content_markdown": "---\ntitle: 'Multiple Vulnerabilities in LifeRay products'\nnumber: '2023-082'\nversion: '1.0'\noriginal_date: 'October 17, 2023'\ndate: 'October 26, 2023'\n---\n\n_History:_\n\n* _26/10/2023 --- v1.0 -- Initial publication_\n\n\n# Summary\n\nThis security advisory addresses multiple vulnerabilities in Liferay Portal and Liferay DXP related to cross-site scripting (XSS) attacks [1]. Users are urged to update their installations to the latest versions as provided in the \"Recommendations\" section.\n\n# Technical Details\n\nThe vulnerabilities are described as follows:\n\n1. **CVE-2023-44311 - Reflected XSS with 'code' and 'error' in OAuth2ProviderApplicationRedirect**: This vulnerability, with a CVSS score of 9.6, allows remote attackers to inject arbitrary web script or HTML via the `code` or `error` parameter [2].\n2. **CVE-2023-42628 - XSS with child wiki pages**: This vulnerability, with a CVSS score of 9.0, allows remote attackers to inject arbitrary web script or HTML into a parent wiki page via a crafted payload injected into a wiki page's \u2018Content\u2019 text field [3].\n3. **CVE-2023-42627 - Multiple stored XSS with shipping & billing address**: This vulnerability, with a CVSS score of 9.6, allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into multiple fields in the Commerce module [4].\n4. **CVE-2023-42497 - XSS with `redirect` in export translation**: This vulnerability, with a CVSS score of 9.6, allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect` parameter [5].\n5. **CVE-2023-42629 - Stored XSS vulnerability with vocabulary description**: This vulnerability, with a CVSS score of 9.0, allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Vocabulary's `description` text field [6].\n6. **CVE-2023-44310 - XSS with page name in Page Tree**: This vulnerability, with a CVSS score of 9.0, allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a page's `Name` text field [7].\n\n# Affected Products\n\nThese vulnerabilities affect Liferay DXP and Liferay Portal. Please refer to the individual CVE details above.\n\n# Recommendations\n\nUsers running affected versions should update to the latest versions available.\n\n# References\n\n[1] <https://liferay.dev/portal/security/known-vulnerabilities>\n\n[2] <https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44311>\n\n[3] <https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628>\n\n[4] <https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42627>\n\n[5] <https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497>\n\n[6] <https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42629>\n\n[7] <https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44310>",
    "content_html": "<p><em>History:</em></p><ul><li><em>26/10/2023 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>This security advisory addresses multiple vulnerabilities in Liferay Portal and Liferay DXP related to cross-site scripting (XSS) attacks [1]. Users are urged to update their installations to the latest versions as provided in the \"Recommendations\" section.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerabilities are described as follows:</p><ol><li><strong>CVE-2023-44311 - Reflected XSS with 'code' and 'error' in OAuth2ProviderApplicationRedirect</strong>: This vulnerability, with a CVSS score of 9.6, allows remote attackers to inject arbitrary web script or HTML via the <code>code</code> or <code>error</code> parameter [2].</li><li><strong>CVE-2023-42628 - XSS with child wiki pages</strong>: This vulnerability, with a CVSS score of 9.0, allows remote attackers to inject arbitrary web script or HTML into a parent wiki page via a crafted payload injected into a wiki page's \u2018Content\u2019 text field [3].</li><li><strong>CVE-2023-42627 - Multiple stored XSS with shipping &amp; billing address</strong>: This vulnerability, with a CVSS score of 9.6, allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into multiple fields in the Commerce module [4].</li><li><strong>CVE-2023-42497 - XSS with <code>redirect</code> in export translation</strong>: This vulnerability, with a CVSS score of 9.6, allows remote attackers to inject arbitrary web script or HTML via the <code>_com_liferay_translation_web_internal_portlet_TranslationPortlet_redirect</code> parameter [5].</li><li><strong>CVE-2023-42629 - Stored XSS vulnerability with vocabulary description</strong>: This vulnerability, with a CVSS score of 9.0, allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a Vocabulary's <code>description</code> text field [6].</li><li><strong>CVE-2023-44310 - XSS with page name in Page Tree</strong>: This vulnerability, with a CVSS score of 9.0, allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a page's <code>Name</code> text field [7].</li></ol><h2 id=\"affected-products\">Affected Products</h2><p>These vulnerabilities affect Liferay DXP and Liferay Portal. Please refer to the individual CVE details above.</p><h2 id=\"recommendations\">Recommendations</h2><p>Users running affected versions should update to the latest versions available.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://liferay.dev/portal/security/known-vulnerabilities\">https://liferay.dev/portal/security/known-vulnerabilities</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44311\">https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44311</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628\">https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42628</a></p><p>[4] <a rel=\"noopener\" target=\"_blank\" href=\"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42627\">https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42627</a></p><p>[5] <a rel=\"noopener\" target=\"_blank\" href=\"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497\">https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42497</a></p><p>[6] <a rel=\"noopener\" target=\"_blank\" href=\"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42629\">https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42629</a></p><p>[7] <a rel=\"noopener\" target=\"_blank\" href=\"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44310\">https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-44310</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}