Description
A Cross-site scripting (XSS) vulnerability in the Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script or HTML via the (1) name, or (2) namespace parameter.
Remediation
References
Related Vulnerabilities
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3946)
WordPress Plugin Product Addons & Fields for WooCommerce Cross-Site Scripting (32.0.6)
WordPress Plugin Easy Org Chart Cross-Site Scripting (3.1)
WordPress Plugin Custom Contact Forms Multiple Cross-Site Scripting Vulnerabilities (5.0.0.1)
WordPress Plugin Import all XML, CSV & TXT into WordPress Security Bypass (6.4.1)