Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 up to and including 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and previous versions, 7.2 fix pack 20 and previous versions, 7.3 update 33 and previous versions, and 7.4 before update 88 allows remote malicious users to inject arbitrary web script or HTML into a parent wiki page via a crafted payload injected into a wiki page's ‘Content’ text field.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
liferay digital experience platform 7.2 |
||
liferay digital experience platform 7.1 |
||
liferay digital experience platform 7.0 |
||
liferay digital experience platform 7.3 |
||
liferay digital experience platform 7.4 |
||
liferay liferay portal |
Vulmon