CVE-2023-42496 : Reflected cross-site scripting (XSS) vulnerability on the add assignees to a rol

Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_roles_admin_web_portlet_RolesAdminPortlet_tabs2 parameter.

Published 2024-02-21 03:15:08

Updated 2025-01-28 02:54:34

Source Liferay Inc.

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Products affected by CVE-2023-42496

Liferay » Liferay Portal
Versions from including (>=) 7.3.3 and before (<) 7.4.3.98
cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Fix Pack 2
cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_2:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3
cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Fix Pack 1
cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_1:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4
cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update1
cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update36
cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update34
cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update48
cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update76
cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update21
cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update62
cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update50
cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update41
cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update52
cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update67
cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update81
cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update82
cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update83
cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update84
cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update85
cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update86
cpe:2.3:a:liferay:digital_experience_platform:7.4:update86:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update14
cpe:2.3:a:liferay:digital_experience_platform:7.3:update14:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update32
cpe:2.3:a:liferay:digital_experience_platform:7.3:update32:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update33
cpe:2.3:a:liferay:digital_experience_platform:7.3:update33:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update75
cpe:2.3:a:liferay:digital_experience_platform:7.4:update75:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update92
cpe:2.3:a:liferay:digital_experience_platform:7.4:update92:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update29
cpe:2.3:a:liferay:digital_experience_platform:7.3:update29:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Service Pack 1
cpe:2.3:a:liferay:digital_experience_platform:7.3:service_pack_1:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Service Pack 3
cpe:2.3:a:liferay:digital_experience_platform:7.3:service_pack_3:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update10
cpe:2.3:a:liferay:digital_experience_platform:7.3:update10:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update11
cpe:2.3:a:liferay:digital_experience_platform:7.3:update11:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update4
cpe:2.3:a:liferay:digital_experience_platform:7.3:update4:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update5
cpe:2.3:a:liferay:digital_experience_platform:7.3:update5:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update6
cpe:2.3:a:liferay:digital_experience_platform:7.3:update6:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update7
cpe:2.3:a:liferay:digital_experience_platform:7.3:update7:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update8
cpe:2.3:a:liferay:digital_experience_platform:7.3:update8:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update9
cpe:2.3:a:liferay:digital_experience_platform:7.3:update9:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update2
cpe:2.3:a:liferay:digital_experience_platform:7.4:update2:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update3
cpe:2.3:a:liferay:digital_experience_platform:7.4:update3:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update10
cpe:2.3:a:liferay:digital_experience_platform:7.4:update10:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update11
cpe:2.3:a:liferay:digital_experience_platform:7.4:update11:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update12
cpe:2.3:a:liferay:digital_experience_platform:7.4:update12:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update13
cpe:2.3:a:liferay:digital_experience_platform:7.4:update13:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update14
cpe:2.3:a:liferay:digital_experience_platform:7.4:update14:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update15
cpe:2.3:a:liferay:digital_experience_platform:7.4:update15:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update4
cpe:2.3:a:liferay:digital_experience_platform:7.4:update4:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update5
cpe:2.3:a:liferay:digital_experience_platform:7.4:update5:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update6
cpe:2.3:a:liferay:digital_experience_platform:7.4:update6:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update7
cpe:2.3:a:liferay:digital_experience_platform:7.4:update7:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update8
cpe:2.3:a:liferay:digital_experience_platform:7.4:update8:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update9
cpe:2.3:a:liferay:digital_experience_platform:7.4:update9:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update16
cpe:2.3:a:liferay:digital_experience_platform:7.4:update16:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update17
cpe:2.3:a:liferay:digital_experience_platform:7.4:update17:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update18
cpe:2.3:a:liferay:digital_experience_platform:7.4:update18:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update77
cpe:2.3:a:liferay:digital_experience_platform:7.4:update77:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update78
cpe:2.3:a:liferay:digital_experience_platform:7.4:update78:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update79
cpe:2.3:a:liferay:digital_experience_platform:7.4:update79:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update80
cpe:2.3:a:liferay:digital_experience_platform:7.4:update80:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update87
cpe:2.3:a:liferay:digital_experience_platform:7.4:update87:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update88
cpe:2.3:a:liferay:digital_experience_platform:7.4:update88:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update89
cpe:2.3:a:liferay:digital_experience_platform:7.4:update89:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update90
cpe:2.3:a:liferay:digital_experience_platform:7.4:update90:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update91
cpe:2.3:a:liferay:digital_experience_platform:7.4:update91:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update12
cpe:2.3:a:liferay:digital_experience_platform:7.3:update12:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update13
cpe:2.3:a:liferay:digital_experience_platform:7.3:update13:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update15
cpe:2.3:a:liferay:digital_experience_platform:7.3:update15:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update16
cpe:2.3:a:liferay:digital_experience_platform:7.3:update16:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update17
cpe:2.3:a:liferay:digital_experience_platform:7.3:update17:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update18
cpe:2.3:a:liferay:digital_experience_platform:7.3:update18:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update19
cpe:2.3:a:liferay:digital_experience_platform:7.3:update19:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update20
cpe:2.3:a:liferay:digital_experience_platform:7.3:update20:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update21
cpe:2.3:a:liferay:digital_experience_platform:7.3:update21:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update22
cpe:2.3:a:liferay:digital_experience_platform:7.3:update22:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update23
cpe:2.3:a:liferay:digital_experience_platform:7.3:update23:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update24
cpe:2.3:a:liferay:digital_experience_platform:7.3:update24:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update25
cpe:2.3:a:liferay:digital_experience_platform:7.3:update25:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update26
cpe:2.3:a:liferay:digital_experience_platform:7.3:update26:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update27
cpe:2.3:a:liferay:digital_experience_platform:7.3:update27:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update28
cpe:2.3:a:liferay:digital_experience_platform:7.3:update28:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update30
cpe:2.3:a:liferay:digital_experience_platform:7.3:update30:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.3 Update Update31
cpe:2.3:a:liferay:digital_experience_platform:7.3:update31:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update19
cpe:2.3:a:liferay:digital_experience_platform:7.4:update19:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update20
cpe:2.3:a:liferay:digital_experience_platform:7.4:update20:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update22
cpe:2.3:a:liferay:digital_experience_platform:7.4:update22:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update23
cpe:2.3:a:liferay:digital_experience_platform:7.4:update23:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update24
cpe:2.3:a:liferay:digital_experience_platform:7.4:update24:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update25
cpe:2.3:a:liferay:digital_experience_platform:7.4:update25:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update26
cpe:2.3:a:liferay:digital_experience_platform:7.4:update26:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update27
cpe:2.3:a:liferay:digital_experience_platform:7.4:update27:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update28
cpe:2.3:a:liferay:digital_experience_platform:7.4:update28:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update29
cpe:2.3:a:liferay:digital_experience_platform:7.4:update29:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update30
cpe:2.3:a:liferay:digital_experience_platform:7.4:update30:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update31
cpe:2.3:a:liferay:digital_experience_platform:7.4:update31:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update32
cpe:2.3:a:liferay:digital_experience_platform:7.4:update32:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update33
cpe:2.3:a:liferay:digital_experience_platform:7.4:update33:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update35
cpe:2.3:a:liferay:digital_experience_platform:7.4:update35:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update37
cpe:2.3:a:liferay:digital_experience_platform:7.4:update37:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update38
cpe:2.3:a:liferay:digital_experience_platform:7.4:update38:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update39
cpe:2.3:a:liferay:digital_experience_platform:7.4:update39:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update40
cpe:2.3:a:liferay:digital_experience_platform:7.4:update40:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update42
cpe:2.3:a:liferay:digital_experience_platform:7.4:update42:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update43
cpe:2.3:a:liferay:digital_experience_platform:7.4:update43:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update44
cpe:2.3:a:liferay:digital_experience_platform:7.4:update44:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update45
cpe:2.3:a:liferay:digital_experience_platform:7.4:update45:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update46
cpe:2.3:a:liferay:digital_experience_platform:7.4:update46:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update47
cpe:2.3:a:liferay:digital_experience_platform:7.4:update47:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update49
cpe:2.3:a:liferay:digital_experience_platform:7.4:update49:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update51
cpe:2.3:a:liferay:digital_experience_platform:7.4:update51:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update53
cpe:2.3:a:liferay:digital_experience_platform:7.4:update53:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update54
cpe:2.3:a:liferay:digital_experience_platform:7.4:update54:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update55
cpe:2.3:a:liferay:digital_experience_platform:7.4:update55:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update56
cpe:2.3:a:liferay:digital_experience_platform:7.4:update56:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update57
cpe:2.3:a:liferay:digital_experience_platform:7.4:update57:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update58
cpe:2.3:a:liferay:digital_experience_platform:7.4:update58:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update59
cpe:2.3:a:liferay:digital_experience_platform:7.4:update59:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update60
cpe:2.3:a:liferay:digital_experience_platform:7.4:update60:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update61
cpe:2.3:a:liferay:digital_experience_platform:7.4:update61:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update63
cpe:2.3:a:liferay:digital_experience_platform:7.4:update63:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update64
cpe:2.3:a:liferay:digital_experience_platform:7.4:update64:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update65
cpe:2.3:a:liferay:digital_experience_platform:7.4:update65:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update66
cpe:2.3:a:liferay:digital_experience_platform:7.4:update66:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update68
cpe:2.3:a:liferay:digital_experience_platform:7.4:update68:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update69
cpe:2.3:a:liferay:digital_experience_platform:7.4:update69:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update70
cpe:2.3:a:liferay:digital_experience_platform:7.4:update70:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update71
cpe:2.3:a:liferay:digital_experience_platform:7.4:update71:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update72
cpe:2.3:a:liferay:digital_experience_platform:7.4:update72:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update73
cpe:2.3:a:liferay:digital_experience_platform:7.4:update73:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update74
cpe:2.3:a:liferay:digital_experience_platform:7.4:update74:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-42496

EPSS FAQ

0.28%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 51 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-42496

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	2.8	2.7	NIST	2025-01-28
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None
9.6	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	2.8	6.0	Liferay Inc.	2024-02-21
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-42496

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Assigned by:
- nvd@nist.gov (Primary)
- security@liferay.com (Secondary)

References for CVE-2023-42496

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42496

CVE-2023-42496 XSS with `tabs2` in role assignment - Liferay
Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-42496

Products affected by CVE-2023-42496

Exploit prediction scoring system (EPSS) score for CVE-2023-42496

CVSS scores for CVE-2023-42496

CWE ids for CVE-2023-42496

References for CVE-2023-42496