Description
Cross-site scripting (XSS) vulnerability in the App Builder module's custom object details page in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 14 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an App Builder custom object's `Name` field.
Remediation
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33938
Related Vulnerabilities
CVE-2023-46652 Vulnerability in maven package org.jenkins-ci.plugins:lambdatest-automation
CVE-2019-10184 Vulnerability in maven package io.undertow:undertow-servlet
CVE-2023-28628 Vulnerability in maven package lambdaisland:uri
CVE-2015-8855 Vulnerability in npm package semver
CVE-2018-14042 Vulnerability in maven package org.webjars.npm:bootstrap-sass