Description
Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL.
Remediation
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33940
Related Vulnerabilities
CVE-2023-32978 Vulnerability in maven package org.jenkins-ci.plugins:ldap
CVE-2023-45648 Vulnerability in maven package org.apache.tomcat:tomcat
CVE-2012-0818 Vulnerability in maven package org.jboss.resteasy:resteasy-jettison-provider
CVE-2019-10407 Vulnerability in maven package hudson.plugins:project-inheritance
CVE-2023-29471 Vulnerability in maven package com.typesafe.akka:akka-stream-kafka_3