CVE-2023-33943

Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.21 through 7.4.3.62 Liferay DXP 7.4 update 21 through 62

Description A cross-site scripting (XSS) issue exists in the Account module, allowing remote attackers to inject arbitrary web script or HTML via crafted payloads in a user's First Name, Middle Name, Last Name, or Job Title text fields.

Recommendations For Liferay Portal versions 7.4.3.21 through 7.4.3.62, restrict input in the First Name, Middle Name, Last Name, and Job Title fields to prevent arbitrary web script or HTML injection until a patch is available. For Liferay DXP 7.4 update 21 through 62, consider temporarily disabling the Account module or limiting user input in the affected fields to minimize the risk of exploitation.