Description
A Cross-site scripting (XSS) vulnerability in the Announcements module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 17, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Flow Plus Unspecified Vulnerability (2.2.0)
Oracle Database Server CVE-2011-2301 Vulnerability (CVE-2011-2301)
Oracle JRE CVE-2013-1476 Vulnerability (CVE-2013-1476)
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-1133)
WordPress Plugin Remove Schema Cross-Site Request Forgery (1.4)