Description
A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file.
Remediation
References
Related Vulnerabilities
WordPress Plugin Job Board by BestWebSoft Cross-Site Scripting (1.0.0)
PHP Other Vulnerability (CVE-2003-0172)
PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7484)
MediaWiki Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2021-41799)