BIT-2023-44310

Stored cross-site scripting XSS vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's "Name" text...

GHSA-J5GV-W838-MMCX Liferay Portal and Liferay DXP Vulnerable to XSS via the Page Tree Menu

Stored cross-site scripting XSS vulnerability in Page Tree menu in Liferay Layout Implementation before 6.0.102 from Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via...

Liferay Portal and Liferay DXP Vulnerable to XSS via the Page Tree Menu

Stored cross-site scripting XSS vulnerability in Page Tree menu in Liferay Layout Implementation before 6.0.102 from Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via...

CVE-2023-44310

Stored cross-site scripting XSS vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's "Name" text...

CVE-2023-44310

Stored cross-site scripting XSS vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's "Name" text...

CVE-2023-44310

CVE-2023-44310 is a stored XSS vulnerability in the Page Tree menu affecting Liferay Portal 7.3.6–7.4.3.78 and Liferay DXP 7.3 (fix pack 1 through Update 23 ) and 7.4 (before Update 79 ). An attacker can inject arbitrary scripts via a crafted payload into a page’s Name field, enabling script exec...

Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerabilities

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

PT-2023-29204 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.6 through 7.4.3.78 Liferay DXP versions 7.3 fix pack 1 through update 23 Liferay DXP version 7.4 before update 79 Description: A stored cross-site scripting XSS issue in the Page Tree menu allows remote attackers t...