Lucene search
GoogleOSV:CVE-2020-7934HistoryJan 28, 2020 - 2:15 p.m.
CVE-2020-7934
2020-01-2814:15:14
Google
osv.dev
8
In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results). This issue was fixed in Liferay Portal CE version 7.3.0 GA1.
Related
cve
cve
CVE-2020-7934
2020-01-28 14:15:14
packetstorm
packetstorm
LifeRay 7.2.1 GA2 Cross Site Scripting
2020-11-23 00:00:00
prion
prion
Cross site scripting
2020-01-28 14:15:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Liferay Liferay Portal
2019-10-17 22:09:07
cvelist
cvelist
CVE-2020-7934
2020-01-28 13:03:44
openvas
openvas
Liferay Portal 7.1.0 - 7.2.1 XSS Vulnerability
2020-02-04 00:00:00
nvd
nvd
CVE-2020-7934
2020-01-28 14:15:14
exploitdb
exploitdb
LifeRay 7.2.1 GA2 - Stored XSS
2020-11-23 00:00:00