Description
A Cross-site scripting (XSS) vulnerability in the Portal Search module in Liferay Portal 7.1.0 through 7.4.2, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the `tag` parameter.
Remediation
References
Related Vulnerabilities
CrushFTP Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-18288)
Joomla Inadequate Encryption Strength Vulnerability (CVE-2021-23126)
WordPress Plugin WordPress Email Template Designer-WP HTML Mail Cross-Site Scripting (3.0.9)
WordPress Plugin Livemesh Addons for Elementor Multiple Cross-Site Scripting Vulnerabilities (6.7.1)
WordPress Plugin Events Widgets For Elementor And The Events Calendar Security Bypass (1.4.3)