CVSS 3.1 Score 5.4 of 10 (medium)


Published Oct 17, 2023
Updated: Dec 28, 2023


CVE-2023-42629 is a stored cross-site scripting (XSS) vulnerability that affects Liferay Portal 7.4.2 through, and Liferay DXP 7.4 before update 88. The vulnerability allows remote attackers to inject arbitrary web script or HTML by manipulating the 'description' text field in a Vocabulary on the manage vocabulary page. The affected products include various versions of Liferay Portal and Liferay DXP. To remediate this vulnerability, organizations should update their Liferay software to version or later. The potential danger posed by this vulnerability includes the risk of unauthorized access to sensitive information, manipulation of website content, and potential impact on user trust and credibility of the affected organization's website or portal.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-42629 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options