Description
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's `Title` field.
Remediation
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33942
Related Vulnerabilities
CVE-2022-36094 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2016-5007 Vulnerability in maven package org.springframework:spring-webmvc
CVE-2018-15685 Vulnerability in maven package org.webjars.npm:electron
CVE-2020-2276 Vulnerability in maven package org.jenkins-ci.plugins:selection-tasks-plugin
CVE-2018-6341 Vulnerability in maven package org.webjars.bowergithub.vuejs:vue