Liferay Portal and Liferay DXP Vulnerable to XSS in the Fragment Components

Multiple stored cross-site scripting XSS vulnerabilities in the fragment components before 3.0.25 from Liferay Portal 7.4.2 through 7.4.3.53, and Liferay DXP 7.4 before update 54 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into any non-HTML field o...

GHSA-J663-6JPJ-XX8C Liferay Portal and Liferay DXP Vulnerable to XSS in the Fragment Components

Multiple stored cross-site scripting XSS vulnerabilities in the fragment components before 3.0.25 from Liferay Portal 7.4.2 through 7.4.3.53, and Liferay DXP 7.4 before update 54 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into any non-HTML field o...

PT-2023-29203 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.2 through 7.4.3.53 Liferay DXP 7.4 before update 54 Description: The issue concerns multiple stored cross-site scripting XSS vulnerabilities in the fragment components. These vulnerabilities allow remote attackers ...