Description
Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL.
Remediation
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33940
Related Vulnerabilities
CVE-2017-5645 Vulnerability in maven package org.apache.logging.log4j:log4j
CVE-2019-1003058 Vulnerability in maven package org.jvnet.hudson.plugins:ftppublisher
CVE-2023-29019 Vulnerability in npm package @fastify/passport
CVE-2022-41238 Vulnerability in maven package com.groupon.jenkins-ci.plugins:dotci
CVE-2017-7561 Vulnerability in maven package org.jboss.resteasy:resteasy-jaxrs