Cross-site scripting (XSS) vulnerability in Layout module in Liferay Portal 7.3.4 up to and including 7.4.3.68, and Liferay DXP 7.3 before update 24, and 7.4 before update 69 allows remote malicious users to inject arbitrary web script or HTML via a crafted payload injected into a container type layout fragment's `URL` text field.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
liferay digital experience platform 7.3 |
||
liferay digital experience platform 7.4 |
||
liferay liferay portal |