Description
Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object's `Name` field.
Remediation
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33938
Related Vulnerabilities
CVE-2023-43497 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2020-11022 Vulnerability in npm package jquery
CVE-2020-2281 Vulnerability in maven package org.6wind.jenkins:lockable-resources
CVE-2015-5254 Vulnerability in maven package org.apache.activemq:activemq-all
CVE-2016-4999 Vulnerability in maven package org.dashbuilder:dashbuilder-dataset-sql