CVE-2023-42498 : Reflected cross-site scripting (XSS) vulnerability in the Language Override edit

Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_key parameter.

Published 2024-02-21 03:15:08

Updated 2025-01-28 02:47:39

Source Liferay Inc.

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Products affected by CVE-2023-42498

Liferay » Liferay Portal
Versions from including (>=) 7.4.3.8 and before (<) 7.4.3.98
cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update36
cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update34
cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update48
cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update76
cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update21
cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update62
cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update50
cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update41
cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update52
cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update67
cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update81
cpe:2.3:a:liferay:digital_experience_platform:7.4:update81:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update82
cpe:2.3:a:liferay:digital_experience_platform:7.4:update82:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update83
cpe:2.3:a:liferay:digital_experience_platform:7.4:update83:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update84
cpe:2.3:a:liferay:digital_experience_platform:7.4:update84:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update85
cpe:2.3:a:liferay:digital_experience_platform:7.4:update85:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update86
cpe:2.3:a:liferay:digital_experience_platform:7.4:update86:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update75
cpe:2.3:a:liferay:digital_experience_platform:7.4:update75:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update92
cpe:2.3:a:liferay:digital_experience_platform:7.4:update92:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update10
cpe:2.3:a:liferay:digital_experience_platform:7.4:update10:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update11
cpe:2.3:a:liferay:digital_experience_platform:7.4:update11:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update12
cpe:2.3:a:liferay:digital_experience_platform:7.4:update12:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update13
cpe:2.3:a:liferay:digital_experience_platform:7.4:update13:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update14
cpe:2.3:a:liferay:digital_experience_platform:7.4:update14:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update15
cpe:2.3:a:liferay:digital_experience_platform:7.4:update15:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update4
cpe:2.3:a:liferay:digital_experience_platform:7.4:update4:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update5
cpe:2.3:a:liferay:digital_experience_platform:7.4:update5:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update6
cpe:2.3:a:liferay:digital_experience_platform:7.4:update6:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update7
cpe:2.3:a:liferay:digital_experience_platform:7.4:update7:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update8
cpe:2.3:a:liferay:digital_experience_platform:7.4:update8:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update9
cpe:2.3:a:liferay:digital_experience_platform:7.4:update9:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update16
cpe:2.3:a:liferay:digital_experience_platform:7.4:update16:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update17
cpe:2.3:a:liferay:digital_experience_platform:7.4:update17:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update18
cpe:2.3:a:liferay:digital_experience_platform:7.4:update18:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update77
cpe:2.3:a:liferay:digital_experience_platform:7.4:update77:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update78
cpe:2.3:a:liferay:digital_experience_platform:7.4:update78:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update79
cpe:2.3:a:liferay:digital_experience_platform:7.4:update79:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update80
cpe:2.3:a:liferay:digital_experience_platform:7.4:update80:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update87
cpe:2.3:a:liferay:digital_experience_platform:7.4:update87:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update88
cpe:2.3:a:liferay:digital_experience_platform:7.4:update88:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update89
cpe:2.3:a:liferay:digital_experience_platform:7.4:update89:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update90
cpe:2.3:a:liferay:digital_experience_platform:7.4:update90:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update91
cpe:2.3:a:liferay:digital_experience_platform:7.4:update91:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update19
cpe:2.3:a:liferay:digital_experience_platform:7.4:update19:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update20
cpe:2.3:a:liferay:digital_experience_platform:7.4:update20:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update22
cpe:2.3:a:liferay:digital_experience_platform:7.4:update22:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update23
cpe:2.3:a:liferay:digital_experience_platform:7.4:update23:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update24
cpe:2.3:a:liferay:digital_experience_platform:7.4:update24:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update25
cpe:2.3:a:liferay:digital_experience_platform:7.4:update25:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update26
cpe:2.3:a:liferay:digital_experience_platform:7.4:update26:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update27
cpe:2.3:a:liferay:digital_experience_platform:7.4:update27:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update28
cpe:2.3:a:liferay:digital_experience_platform:7.4:update28:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update29
cpe:2.3:a:liferay:digital_experience_platform:7.4:update29:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update30
cpe:2.3:a:liferay:digital_experience_platform:7.4:update30:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update31
cpe:2.3:a:liferay:digital_experience_platform:7.4:update31:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update32
cpe:2.3:a:liferay:digital_experience_platform:7.4:update32:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update33
cpe:2.3:a:liferay:digital_experience_platform:7.4:update33:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update35
cpe:2.3:a:liferay:digital_experience_platform:7.4:update35:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update37
cpe:2.3:a:liferay:digital_experience_platform:7.4:update37:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update38
cpe:2.3:a:liferay:digital_experience_platform:7.4:update38:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update39
cpe:2.3:a:liferay:digital_experience_platform:7.4:update39:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update40
cpe:2.3:a:liferay:digital_experience_platform:7.4:update40:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update42
cpe:2.3:a:liferay:digital_experience_platform:7.4:update42:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update43
cpe:2.3:a:liferay:digital_experience_platform:7.4:update43:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update44
cpe:2.3:a:liferay:digital_experience_platform:7.4:update44:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update45
cpe:2.3:a:liferay:digital_experience_platform:7.4:update45:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update46
cpe:2.3:a:liferay:digital_experience_platform:7.4:update46:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update47
cpe:2.3:a:liferay:digital_experience_platform:7.4:update47:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update49
cpe:2.3:a:liferay:digital_experience_platform:7.4:update49:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update51
cpe:2.3:a:liferay:digital_experience_platform:7.4:update51:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update53
cpe:2.3:a:liferay:digital_experience_platform:7.4:update53:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update54
cpe:2.3:a:liferay:digital_experience_platform:7.4:update54:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update55
cpe:2.3:a:liferay:digital_experience_platform:7.4:update55:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update56
cpe:2.3:a:liferay:digital_experience_platform:7.4:update56:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update57
cpe:2.3:a:liferay:digital_experience_platform:7.4:update57:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update58
cpe:2.3:a:liferay:digital_experience_platform:7.4:update58:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update59
cpe:2.3:a:liferay:digital_experience_platform:7.4:update59:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update60
cpe:2.3:a:liferay:digital_experience_platform:7.4:update60:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update61
cpe:2.3:a:liferay:digital_experience_platform:7.4:update61:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update63
cpe:2.3:a:liferay:digital_experience_platform:7.4:update63:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update64
cpe:2.3:a:liferay:digital_experience_platform:7.4:update64:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update65
cpe:2.3:a:liferay:digital_experience_platform:7.4:update65:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update66
cpe:2.3:a:liferay:digital_experience_platform:7.4:update66:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update68
cpe:2.3:a:liferay:digital_experience_platform:7.4:update68:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update69
cpe:2.3:a:liferay:digital_experience_platform:7.4:update69:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update70
cpe:2.3:a:liferay:digital_experience_platform:7.4:update70:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update71
cpe:2.3:a:liferay:digital_experience_platform:7.4:update71:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update72
cpe:2.3:a:liferay:digital_experience_platform:7.4:update72:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update73
cpe:2.3:a:liferay:digital_experience_platform:7.4:update73:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 7.4 Update Update74
cpe:2.3:a:liferay:digital_experience_platform:7.4:update74:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 2023.q3.1
cpe:2.3:a:liferay:digital_experience_platform:2023.q3.1:*:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 2023.q3.4
cpe:2.3:a:liferay:digital_experience_platform:2023.q3.4:*:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 2023.q3.0
cpe:2.3:a:liferay:digital_experience_platform:2023.q3.0:*:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 2023.q3.2
cpe:2.3:a:liferay:digital_experience_platform:2023.q3.2:*:*:*:*:*:*:*
Matching versions
Liferay » Digital Experience Platform » Version: 2023.q3.3
cpe:2.3:a:liferay:digital_experience_platform:2023.q3.3:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-42498

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 22 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-42498

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	2.8	2.7	NIST	2025-01-28
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None
9.6	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H	2.8	6.0	Liferay Inc.	2024-02-21
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-42498

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Assigned by:
- nvd@nist.gov (Primary)
- security@liferay.com (Secondary)

References for CVE-2023-42498

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42498

CVE-2023-42498 XSS with `key` in language override - Liferay
Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-42498

Products affected by CVE-2023-42498

Exploit prediction scoring system (EPSS) score for CVE-2023-42498

CVSS scores for CVE-2023-42498

CWE ids for CVE-2023-42498

References for CVE-2023-42498