Lucene search
K

4 matches found

NVD
NVD
added 2022/10/19 2:15 a.m.17 views

CVE-2022-38901

A Cross-site scripting XSS vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file...

5.4CVSS0.00719EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/10/19 12:0 a.m.21 views

CVE-2022-38901

A Cross-site scripting XSS vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file...

5.6AI score0.00719EPSS
Exploits1References2
CVE
CVE
added 2022/10/19 12:0 a.m.71 views

CVE-2022-38901

Summary (CVE-2022-38901, related entries): Liferay Digital Experience Platform 7.3.10 SP3 is affected in the Document and Media module file upload path. The vulnerability is a Cross-site Scripting (XSS) flaw in the description field of uploaded SVG files, enabling remote attackers to inject arbit...

5.4CVSS5.4AI score0.00719EPSS
Exploits1References3Affected Software2
Positive Technologies
Positive Technologies
added 2022/10/19 12:0 a.m.3 views

PT-2022-24614 · Liferay · Liferay Digital Experience Platform

Name of the Vulnerable Software and Affected Versions: Liferay Digital Experience Platform version 7.3.10 SP3 Description: A Cross-site scripting XSS issue exists in the file upload functionality of the Document and Media module, allowing remote attackers to inject arbitrary JS script or HTML int...

5.4CVSS5.3AI score0.00719EPSS
Exploits2References6
Rows per page
Query Builder