Description
Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object's `Name` field.
Remediation
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33938
Related Vulnerabilities
CVE-2022-38370 Vulnerability in maven package org.apache.iotdb:iotdb-grafana-connector
CVE-2019-17554 Vulnerability in maven package org.apache.olingo:odata-server-api
CVE-2018-12542 Vulnerability in maven package io.vertx:vertx-web
CVE-2023-2632 Vulnerability in maven package org.jenkins-ci.plugins:codedx
CVE-2021-27906 Vulnerability in maven package org.apache.pdfbox:pdfbox