Reflected Cross-Site Scripting (Reflected XSS)
com.liferay, com.liferay.expando.web are vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper input validation of the comliferayexpandowebportletExpandoPortletdisplayType parameter, which allows an attacker to inject and execute arbitrary JavaScript code in a...