Cross-site scripting (XSS) vulnerability in the Object module's edit object details page in Liferay Portal 7.4.3.4 up to and including 7.4.3.36 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into the object field's `Label` text field.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
liferay liferay portal |