Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 exists to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Parameter Name text field.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
liferay dxp 7.2 |
||
liferay dxp 7.1 |
||
liferay liferay portal |
||
liferay dxp 7.3 |