Cross site scripting

2023-05-2413:15:00

PRIOn knowledge base

www.prio-n.com

stored cross-site scripting

form widget configuration

remote attackers

crafted payload

name field

arbitrary web script

html injection

nvd

0.001 Low

EPSS

Percentile

22.9%

JSON

Stored cross-site scripting (XSS) vulnerability in Form widget configuration in Liferay Portal 7.1.0 through 7.3.0, and Liferay DXP 7.1 before fix pack 18, and 7.2 before fix pack 5 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a form’s name field.

CPENameOperatorVersion
digital_experience_platformeq7.2
digital_experience_platformeq7.2 fixpack1
digital_experience_platformeq7.2 fixpack2
digital_experience_platformeq7.2 fixpack3
digital_experience_platformeq7.2 fixpack4
digital_experience_platformeq7.1 fixpack6
digital_experience_platformeq7.1 fixpack9
digital_experience_platformeq7.1 fixpack10
digital_experience_platformeq7.1 fixpack11
digital_experience_platformeq7.1 fixpack12

Name	Operator	Version
digital_experience_platform	eq	7.2
digital_experience_platform	eq	7.2 fixpack1
digital_experience_platform	eq	7.2 fixpack2
digital_experience_platform	eq	7.2 fixpack3
digital_experience_platform	eq	7.2 fixpack4
digital_experience_platform	eq	7.1 fixpack6
digital_experience_platform	eq	7.1 fixpack9
digital_experience_platform	eq	7.1 fixpack10
digital_experience_platform	eq	7.1 fixpack11
digital_experience_platform	eq	7.1 fixpack12