Description
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's `Title` field.
Remediation
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33942
Related Vulnerabilities
CVE-2017-5661 Vulnerability in maven package org.apache.xmlgraphics:fop
CVE-2013-6468 Vulnerability in maven package org.drools:drools-workbench-models-test-scenarios
CVE-2017-2612 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2015-2156 Vulnerability in maven package io.netty:netty-codec-http