Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 up to and including 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into a facet label.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
liferay digital experience platform 7.2 |
||
liferay digital experience platform 7.1 |
||
liferay digital experience platform 7.3 |
||
liferay digital experience platform 7.4 |
||
liferay liferay portal |