Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 up to and including 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into a form's `name` field.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
liferay digital experience platform 7.2 |
||
liferay digital experience platform 7.1 |
||
liferay liferay portal |