Description
Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.5 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allow remote attackers to inject arbitrary web script or HTML via a form field's help text to (1) Forms module's form builder, or (2) App Builder module's object form view's form builder.
Remediation
References
Related Vulnerabilities
CKEditor Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2021-26272)
WordPress Plugin Htaccess by BestWebSoft Cross-Site Request Forgery (1.8.1)
SharePoint CVE-2018-8628 Vulnerability (CVE-2018-8628)
WordPress Plugin Maps Widget for Google Maps-Google Maps Builder Cross-Site Scripting (2.30)
WordPress Plugin Ultimate Responsive Image Slider Unspecified Vulnerability (3.3.2)