Description
Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote authenticated attackers with the instance administrator role to inject arbitrary web script or HTML into all pages via a crafted payload injected into the Instance Configuration's (1) CDN Host HTTP text field or (2) CDN Host HTTPS text field.
Remediation
References
Related Vulnerabilities
e107 Other Vulnerability (CVE-2005-4051)
Drupal Core 9.0.0 Remote Code Execution (9.0.0)
Oracle Database Server Other Vulnerability (CVE-2007-1442)
Python URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-28861)
WordPress Plugin SEO Redirection-301 Redirect Manager SQL Injection (8.1)