Vulnerability Description
Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP 7.3 update 33 and earlier, and 7.4 before update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a (1) Shipping Name, (2) Shipping Phone Number, (3) Shipping Address, (4) Shipping Address 2, (5) Shipping Address 3, (6) Shipping Zip, (7) Shipping City, (8) Shipping Region (9), Shipping Country, (10) Billing Name, (11) Billing Phone Number, (12) Billing Address, (13) Billing Address 2, (14) Billing Address 3, (15) Billing Zip, (16) Billing City, (17) Billing Region, (18) Billing Country, or (19) Region Code.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Liferay | Digital Experience Platform | 7.3 |
| Liferay | Liferay Portal | >= 7.3.5, < 7.4.3.92 |
Related Weaknesses (CWE)
References
- https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jektVendor Advisory
- https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-ExploitThird Party Advisory
- https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jektVendor Advisory
- https://www.pentagrid.ch/en/blog/stored-cross-site-scripting-vulnerabilities-in-ExploitThird Party Advisory
FAQ
What is CVE-2023-42627?
CVE-2023-42627 is a vulnerability with a CVSS score of 9.6 (CRITICAL). Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP 7.3 update 33 and earlier, and 7.4 before update 92 allow re...
How severe is CVE-2023-42627?
CVE-2023-42627 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-42627?
Check the references section above for vendor advisories and patch information. Affected products include: Liferay Digital Experience Platform, Liferay Liferay Portal.