GHSA-j663-6jpj-xx8c

GitHub Security Advisory

Liferay Portal and Liferay DXP Vulnerable to XSS in the Fragment Components

✓ GitHub Reviewed | CRITICAL | Has CVE

Advisory Details

Multiple stored cross-site scripting (XSS) vulnerabilities in the fragment components before 3.0.25 from Liferay Portal (7.4.2 through 7.4.3.53), and Liferay DXP 7.4 before update 54 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into any non-HTML field of a linked source asset.

Affected Packages

Maven: com.liferay:com.liferay.fragment.entry.processor.impl
Affected versions: 0 (fixed in 3.0.25)

Maven: com.liferay.portal:release.dxp.bom
Affected versions: 7.4.0 (fixed in 7.4.13.u54)

Key Information

GHSA ID: GHSA-j663-6jpj-xx8c
Published: October 17, 2023 9:30 AM
Last Modified: August 8, 2025 9:14 PM
CVSS Score: 9.0/10
Primary Ecosystem: Maven
Primary Package: com.liferay:com.liferay.fragment.entry.processor.impl
GitHub Reviewed: ✓ Yes

Dataset

Last updated: September 14, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.