Description
Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter.
Remediation
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-47797
Related Vulnerabilities
CVE-2021-21344 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2016-3092 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2023-24427 Vulnerability in maven package org.jenkins-ci.plugins:bitbucket-oauth
CVE-2023-4853 Vulnerability in maven package io.quarkus:quarkus-csrf-reactive
CVE-2020-2266 Vulnerability in maven package org.jenkins-ci.plugins:description-column-plugin