Description
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's `Title` field.
Remediation
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33942
Related Vulnerabilities
CVE-2020-14000 Vulnerability in npm package scratch-vm
CVE-2020-1957 Vulnerability in maven package org.apache.shiro:shiro-web
CVE-2023-40167 Vulnerability in maven package org.eclipse.jetty:jetty-http
CVE-2021-31406 Vulnerability in maven package com.vaadin:flow-server
CVE-2020-1961 Vulnerability in maven package org.apache.syncope.core:syncope-core-provisioning-java