Description
Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Amazon Tools Cross-Site Scripting (1.7.2)
WordPress Plugin BitMonet Cross-Site Scripting (1.0)
WordPress Plugin WordPress Related Posts Cross-Site Request Forgery (2.6.1)
Drupal Core 8.8.x Arbitrary File Overwrite (8.8.0 - 8.8.12)
Mailman Improper Input Validation Vulnerability (CVE-2018-13796)