Description

Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's `Title` field.

Remediation

References

CVE-2023-33942

Related Vulnerabilities

WordPress Plugin Facebook Promotion Generator for WordPress 'fbActivate.php' SQL Injection (1.3.3)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-2033)

Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2017-7659)

Oracle Database Server CVE-2006-5332 Vulnerability (CVE-2006-5332)

OpenSSL Resource Management Errors Vulnerability (CVE-2016-2179)

Severity

Medium

Classification

CVE-2023-33942 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities