Description
Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack 5 through 7, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_journal_web_portlet_JournalPortlet_name parameter.
Remediation
References
Related Vulnerabilities
Internet Information Services Other Vulnerability (CVE-2001-0902)
WordPress Plugin Cimy User Extra Fields Arbitrary File Upload (2.3.7)
Dolibarr Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-14240)
WordPress Plugin Database for Contact Form 7, WPforms, Elementor forms Cross-Site Scripting (1.3.3)
WordPress Plugin Xorbin Analog Flash Clock Cross-Site Scripting (1.0)