Liferay DXP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-47795
Stored cross-site scripting (XSS) vulnerability in the Document and Media widget in Liferay Portal 7.4.3.18 through 7.4.3.101 and Liferay DXP 2023.Q3 before patch 6 and 7.4 update 18 through 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into a document39s Title text field.