logo
DATABASE RESOURCES PRICING ABOUT US

Liferay Portal 7.3.4 < 7.3.6 XSS

Description

Liferay Portal from 7.3.4 and prior to 7.3.6 is affected by a stored cross-site scripting vulnerability in the Layout module's page administration page that allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_name parameter. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Related