Description
A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic.
Remediation
References
Related Vulnerabilities
WordPress Plugin MapPress Maps for WordPress Security Bypass (2.54.5)
WordPress Plugin Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure (1.0.7)
PHP Use of Externally-Controlled Format String Vulnerability (CVE-2010-2094)
OpenVPN AS Resource Management Errors Vulnerability (CVE-2014-8104)