cbcvebase.
CVE-2023-33942
published 2023-05-24

CVE-2023-33942: Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50…

medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
Cross-site scripting (XSS) vulnerability in the Web Content Display widget's article selector in Liferay Liferay Portal 7.4.3.50, and Liferay DXP 7.4 update 50 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a web content article's `Title` field.

Affected

4 ranges
VendorProductVersion rangeFixed in
liferaydigital_experience_platform
liferaydxp
liferayliferay_portal
liferayportal