Description
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's `Title` field.
Remediation
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33942
Related Vulnerabilities
CVE-2015-1840 Vulnerability in npm package jquery-ujs
CVE-2020-6831 Vulnerability in maven package org.webjars.npm:electron
CVE-2020-2287 Vulnerability in maven package org.jenkins-ci.plugins:audit-trail
CVE-2019-10095 Vulnerability in maven package org.apache.zeppelin:zeppelin
CVE-2019-0214 Vulnerability in maven package org.apache.archiva:archiva