Cross site scripting

A Cross-site scripting XSS vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file...

CVE-2022-38901

Summary (CVE-2022-38901, related entries): Liferay Digital Experience Platform 7.3.10 SP3 is affected in the Document and Media module file upload path. The vulnerability is a Cross-site Scripting (XSS) flaw in the description field of uploaded SVG files, enabling remote attackers to inject arbit...