4 matches found
CVE-2022-38901
A Cross-site scripting XSS vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file...
CVE-2022-38901
A Cross-site scripting XSS vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file...
CVE-2022-38901
Summary (CVE-2022-38901, related entries): Liferay Digital Experience Platform 7.3.10 SP3 is affected in the Document and Media module file upload path. The vulnerability is a Cross-site Scripting (XSS) flaw in the description field of uploaded SVG files, enabling remote attackers to inject arbit...
PT-2022-24614 · Liferay · Liferay Digital Experience Platform
Name of the Vulnerable Software and Affected Versions: Liferay Digital Experience Platform version 7.3.10 SP3 Description: A Cross-site scripting XSS issue exists in the file upload functionality of the Document and Media module, allowing remote attackers to inject arbitrary JS script or HTML int...