Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's `Title` field.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Liferay
Published: 2023-05-24T14:49:17.472Z
Updated: 2024-08-02T15:54:13.949Z
Reserved: 2023-05-24T02:36:00.163Z
Link: CVE-2023-33942
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-05-24T15:15:09.807
Modified: 2023-06-01T04:15:10.607
Link: CVE-2023-33942
Redhat
No data.