CVE-2023-47797 Information
Nov 19, 2023
cve
Description
Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the p_l_back_url_title parameter.
Reference
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47797
Reflected
cross-site
scripting
(XSS)
vulnerability
on
a
content
page’s
edit
page
in
Liferay
Portal
7.4.3.94
through
7.4.3.95
allows
remote
attackers
to
inject
arbitrary
web
script
or
HTML
via
the
p_l_back_url_title
parameter.