Description
A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file.
Remediation
References
Related Vulnerabilities
Apache Tomcat Incorrect Default Permissions Vulnerability (CVE-2020-8022)
WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Open Redirect (2.0.5)
WordPress Plugin Tablesome-Responsive Table, Woocommerce Automation, Email Log, Form Automation-Contact Form 7, Elementor, WPForms, Forminator Cross-Site Request Forgery (1.0.25)
Django Improper Validation of Specified Quantity in Input Vulnerability (CVE-2023-41164)
WordPress Plugin Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, Aweber-MailOptin Security Bypass (1.2.35.1)