4 matches found
CVE-2022-28980
Multiple cross-site scripting XSS vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter prefix...
CVE-2022-28980
Multiple cross-site scripting XSS vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter prefix...
CVE-2022-28980
Summary: CVE-2022-28980 affects Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA. The issue is a reflected XSS in the fragment renderer collection filter implementation where parameters with the filter_ prefix are not properly escaped, enabling execution of arbitrary script/HTML in the user’s brow...
CVE-2022-28980
Multiple cross-site scripting XSS vulnerabilities in Liferay Portal v7.4.3.4 and Liferay DXP v7.4 GA allows attackers to execute arbitrary web scripts or HTML via parameters with the filter prefix...