Description
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's `Title` field.
Remediation
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33942
Related Vulnerabilities
CVE-2023-6291 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2022-33682 Vulnerability in maven package org.apache.pulsar:pulsar-proxy
CVE-2015-5254 Vulnerability in maven package org.apache.activemq:activemq-core
CVE-2019-10212 Vulnerability in maven package io.undertow:undertow-core