Cross site scripting

2023-05-2414:15:00

PRIOn knowledge base

www.prio-n.com

cross-site scripting

liferay portal

remote attackers

crafted payload

0.001 Low

EPSS

Percentile

22.9%

JSON

Cross-site scripting (XSS) vulnerability in the Modified Facet widget in Liferay Portal 7.1.0 through 7.4.3.12, and Liferay DXP 7.1 before fix pack 27, 7.2 before fix pack 18, 7.3 before update 4, and 7.4 before update 9 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a facet label.

CPENameOperatorVersion
digital_experience_platformeq7.2
digital_experience_platformeq7.2 fixpack1
digital_experience_platformeq7.2 fixpack2
digital_experience_platformeq7.2 fixpack3
digital_experience_platformeq7.2 fixpack5
digital_experience_platformeq7.2 fixpack4
digital_experience_platformeq7.1 fixpack6
digital_experience_platformeq7.1 fixpack9
digital_experience_platformeq7.1 fixpack10
digital_experience_platformeq7.1 fixpack11

Name	Operator	Version
digital_experience_platform	eq	7.2
digital_experience_platform	eq	7.2 fixpack1
digital_experience_platform	eq	7.2 fixpack2
digital_experience_platform	eq	7.2 fixpack3
digital_experience_platform	eq	7.2 fixpack5
digital_experience_platform	eq	7.2 fixpack4
digital_experience_platform	eq	7.1 fixpack6
digital_experience_platform	eq	7.1 fixpack9
digital_experience_platform	eq	7.1 fixpack10
digital_experience_platform	eq	7.1 fixpack11