Description
Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of a asset category.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2011-2230 Vulnerability (CVE-2011-2230)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4402)
WordPress Plugin 123devis-affiliation Cross-Site Scripting (1.0.4)
WordPress Plugin Aviary Image Editor Add-on For Gravity Forms Arbitrary File Upload (3.0)
Ruby on Rails Improper Authentication Vulnerability (CVE-2012-3424)