Description
Multiple cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.52 and Liferay DXP 7.4 update 41 through 52 allow remote attackers to inject arbitrary web script or HTML via the (1) code or (2) error parameter.
Remediation
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33941