Description

Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's `Title` field.

Remediation

References

CVE-2023-33942

Related Vulnerabilities

MySQL CVE-2017-10296 Vulnerability (CVE-2017-10296)

Caddy Web Server Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)

SharePoint CVE-2021-24104 Vulnerability (CVE-2021-24104)

WordPress Plugin Staff Directory:Company Directory Cross-Site Request Forgery (3.6)

WordPress Plugin Loan Comparison Multiple Cross-Site Scripting Vulnerabilities (1.5.2)

Severity

Medium

Classification

CVE-2023-33942 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities