Cross site scripting

2024-02-0715:15:00

PRIOn knowledge base

www.prio-n.com

cross site scripting

liferay portal

remote injection

html injection

vulnerability

search result

5.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

Stored cross-site scripting (XSS) vulnerability in the Portal Search module’s Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML into the Search Result app’s search result if highlighting is disabled by adding any searchable content (e.g., blog, message board message, web content article) to the application.

CPENameOperatorVersion
dxpeq7.2 fixpack2
dxpeq7.2 fixpack3
dxpeq7.2 fixpack4
dxpeq7.2 fixpack5
dxpeq7.2 fixpack1
dxpeq7.2
dxpeq7.2 fixpack6
dxpeq7.2 fixpack7
dxpeq7.2 fixpack8
dxpeq7.2 fixpack9

Name	Operator	Version
dxp	eq	7.2 fixpack2
dxp	eq	7.2 fixpack3
dxp	eq	7.2 fixpack4
dxp	eq	7.2 fixpack5
dxp	eq	7.2 fixpack1
dxp	eq	7.2
dxp	eq	7.2 fixpack6
dxp	eq	7.2 fixpack7
dxp	eq	7.2 fixpack8
dxp	eq	7.2 fixpack9