Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 up to and including 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote malicious users to inject arbitrary web script or HTML via web content template names.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
liferay digital experience platform 7.2 |
||
liferay digital experience platform 7.1 |
||
liferay digital experience platform 7.0 |
||
liferay liferay portal |