CVE-2023-47795 in Liferay
Summary
by MITRE • 02/21/2024
Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a document's “Title” text field.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 04/19/2025
The vulnerability CVE-2023-47795 represents a critical stored cross-site scripting flaw within the Document and Media widget of Liferay Portal and Liferay DXP platforms. This security weakness affects multiple versions including Liferay Portal 7.4.3.18 through 7.4.3.101 and Liferay DXP 2023.Q3 before patch 6, along with Liferay 7.4 update 18 through 92. The flaw enables remote authenticated attackers to execute malicious scripts by injecting crafted payloads into document title fields, creating a persistent security risk that can affect all users interacting with the vulnerable system. The vulnerability falls under CWE-79 which specifically addresses cross-site scripting attacks where untrusted data is improperly sanitized before being rendered in web pages. This type of vulnerability directly aligns with ATT&CK technique T1531 which focuses on establishing persistence through web shell injection and malicious code execution in web applications.
The technical implementation of this vulnerability occurs within the Document and Media widget's handling of user input, specifically when processing the "Title" text field of documents stored within the system. When an authenticated user uploads or modifies a document with malicious script code in the title field, the system fails to properly sanitize or escape the input before storing it in the database. Subsequently, when other users view the document listing or details page, the malicious script code executes within their browser context, potentially leading to session hijacking, credential theft, or further exploitation. The stored nature of this vulnerability means that the malicious payload persists even after the initial injection, making it particularly dangerous as it can affect multiple users over extended periods. The authentication requirement for exploitation indicates that attackers must first gain valid credentials, but once obtained, they can leverage this vulnerability to cause widespread impact across the platform's user base.
The operational impact of CVE-2023-47795 extends beyond simple script execution, potentially enabling attackers to perform session hijacking, steal sensitive information, manipulate data, or redirect users to malicious websites. Given that this affects core document management functionality, attackers could compromise sensitive corporate documents or inject malicious content into shared repositories. The vulnerability's persistence means that once exploited, the malicious code continues to execute for all users who view affected documents, creating a continuous threat vector. Organizations using Liferay Portal or DXP may experience unauthorized access to confidential data, disruption of business operations, and potential compliance violations. The attack surface is particularly concerning in enterprise environments where document sharing and collaboration are frequent activities, as the vulnerability can be exploited through legitimate user interactions with the platform's core features.
Mitigation strategies for CVE-2023-47795 should prioritize immediate patching of affected Liferay versions to the latest available releases that contain the necessary security fixes. Organizations should implement comprehensive input validation and output encoding mechanisms to prevent similar vulnerabilities in custom applications built on the Liferay platform. Network segmentation and monitoring should be enhanced to detect unusual activities related to document uploads or modifications. Regular security audits of web applications should include thorough testing of input fields for proper sanitization. The implementation of web application firewalls and content security policies can provide additional layers of protection against XSS attacks. Security teams should also conduct user awareness training to recognize potential social engineering attempts that might lead to credential compromise and subsequent exploitation of this vulnerability. Organizations should maintain detailed logs of document management activities to facilitate forensic analysis in case of successful exploitation attempts.