Description
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's `Title` field.
Remediation
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33942
Related Vulnerabilities
CVE-2016-4003 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2020-2194 Vulnerability in maven package io.jenkins.plugins:echarts-api
CVE-2022-22968 Vulnerability in maven package org.springframework:spring-context
CVE-2018-10912 Vulnerability in maven package org.keycloak:keycloak-model-infinispan
CVE-2019-20503 Vulnerability in maven package org.webjars.npm:electron