A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic.
CPE | Name | Operator | Version |
---|---|---|---|
liferay-portal | eq | 7.3.1-ga2 | |
liferay-portal | eq | 7.3.0-ga1 | |
liferay-portal | eq | 7.3.2-ga3 |