Stored Cross-Site Scripting (XSS)

com.liferay, com.liferay.users.admin.web is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization or escaping of user input in organization site names, which allows an attacker to inject and execute malicious JavaScript code on affected instances...

com.liferay:com.liferay.my.account.web (>=1.0.0 <=1.0.12), com.liferay:com.liferay.portal.settings.web (>=1.0.0 <=1.2.4) potentially affected by CVE-2021-29038 via com.liferay:com.liferay.users.admin.web (>=1.0.0 <=2.3.0)

com.liferay:com.liferay.users.admin.web MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.2.4 Source cves: CVE-2021-29038 Source advisory: OSV:GHSA-MWHF-6MJM-6W3H...