Description
A cross-site scripting (XSS) vulnerability in the Account module in Liferay Portal 7.4.3.21 through 7.4.3.62, and Liferay DXP 7.4 update 21 through 62, allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user's (1) First Name, (2) Middle Name, (3) Last Name, or (4) Job Title text field.
Remediation
References
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-33943