A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote malicious users to inject arbitrary JS script or HTML into the description field of uploaded svg file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
liferay dxp 7.3 |
||
liferay dxp 7.4 |
||
liferay liferay portal |
||
liferay dxp |