Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-v32m-pf9q-p3xg

GitHub Security Advisory

Liferay Portal XSS with `p_l_back_url_title` on edit content page

✓ GitHub Reviewed CRITICAL Has CVE
View on GitHub

Advisory Details

Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter.

Affected Packages

Maven com.liferay.portal:release.portal.bom
Affected versions: 7.4.3.94 (fixed in 7.4.3.96)

Related CVEs

CVE-2023-47797

Key Information

GHSA ID
GHSA-v32m-pf9q-p3xg
Published
November 17, 2023 6:31 AM
Last Modified
November 24, 2023 4:53 PM
CVSS Score
9.0 /10
Primary Ecosystem
Maven
Primary Package
com.liferay.portal:release.portal.bom
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 16, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.