One Article Review
| Source |  CVE Liste |
|---|---|
| Identifiant | 8339051 |
| Date de publication | 2023-05-24 13:15:09 (vue: 2023-05-24 15:07:01) |
| Titre | CVE-2023-33937 |
| Texte | Vulnérabilité de script de script inter-sites (XSS) stockée dans la configuration du widget de formulaire dans Liferay Portal 7.1.0 à 7.3.0, et Liveray DXP 7.1 avant Fix Pack 18, et 7.2 Avant Fix Pack 5 permet aux attaquants distants d'injecter un script Web arbitraire ou HTML via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via via le PACK 5Une charge utile fabriquée injectée dans un champ `` Name` de Form \\.
Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form\'s `name` field. |
| Notes | |
| Envoyé | Oui |
| Condensat | 2023 33937 `name` allows arbitrary attackers before configuration crafted cross cve dxp field fix form html inject injected liferay pack payload portal remote script scripting site stored through vulnerability web widget xss |
| Tags | Vulnerability |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.