Description
A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Appointment Schedule Booking System Cross-Site Scripting (1.0)
Drupal Core 9.2.x Directory Traversal (9.2.0 - 9.2.1)
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4200)
MySQL CVE-2014-4240 Vulnerability (CVE-2014-4240)
WordPress 4.0.x Possible SQL Injection Vulnerability (4.0 - 4.0.19)