CVSS 3.1 Score 9.6 of 10 (high)


Published Feb 21, 2024
Updated: Feb 22, 2024


CVE-2023-42498 is a reflected cross-site scripting (XSS) vulnerability found in Liferay Portal versions through, as well as Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92. This vulnerability allows remote attackers to inject arbitrary web script or HTML by manipulating the "_com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_key" parameter on the Language Override edit screen. The base severity of this vulnerability is classified as CRITICAL with a CVSS score of 9.6, indicating a high risk to organizations. To remediate this vulnerability, users should apply the necessary patches and updates provided by Liferay.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-42498 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options