Description
Cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's (1) First Name, (2) Middle Name, (3) Last Name, or (4) Job Title text field.
Remediation
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33943
Related Vulnerabilities
CVE-2023-24451 Vulnerability in maven package org.jenkins-ci.plugins:cisco-spark-notifier
CVE-2019-1003067 Vulnerability in maven package org.jenkins-ci.plugins:trac-publisher-plugin
CVE-2020-11974 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-dao
CVE-2023-27603 Vulnerability in maven package org.apache.linkis:linkis-common
CVE-2014-3579 Vulnerability in maven package org.apache.activemq:apollo-selector