A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 up to and including 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote malicious users to inject arbitrary web script or HTML via the `redirect` parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
liferay dxp 7.4 |
||
liferay liferay portal |