Cross-Site Scripting (XSS)

com.liferay.expando.web is vulnerable to cross-site scripting. The modelResource parameter is not HTML encoded before being displayed on a user's browser, which allows remote attackers to inject arbitrary Javascript into the victim's browser to steal session tokens or perform unwanted actions on...