Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS)

Liferay Layout Admin Web before 5.0.0 in Liferay Portal v7.3.6 and below and Liferay DXP v7.3 and below were discovered to contain a cross-site scripting XSS vulnerability via the comliferayassetlistwebportletAssetListPortlettitle parameter...

PT-2022-10705 · Liferay · Liferay Portal

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.4 through 7.3.6 Description: A cross-site scripting XSS issue exists in the Asset module, allowing remote attackers to inject arbitrary web script or HTML when creating a collection page. This is achieved via the c...