Description
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display.
Remediation
References
https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities
https://github.com/brianchandotcom/liferay-portal/pull/47579
Related Vulnerabilities
CVE-2023-37963 Vulnerability in maven package io.jenkins.plugins:benchmark-evaluator
CVE-2022-28157 Vulnerability in maven package com.surenpi.jenkins:phoenix-autotest
CVE-2021-33829 Vulnerability in npm package ckeditor4
CVE-2024-36401 Vulnerability in maven package org.geoserver:gs-wfs
CVE-2023-4918 Vulnerability in maven package org.keycloak:keycloak-services