{"id":"CVE-2023-42498","details":"Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_key parameter.","aliases":["GHSA-73x3-8mrg-5r93"],"modified":"2025-11-19T17:35:04.489818Z","published":"2024-02-21T03:15:08.240Z","references":[{"type":"ADVISORY","url":"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42498"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/liferay/liferay-portal","events":[{"introduced":"0"},{"fixed":"7e32d8d73be262d4e03e7c11cf77d924c87742ee"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-42498.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}