Cross-Site Scripting (XSS)

2019-09-1003:21:46

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

34.0%

JSON

com.liferay.journal.taglib is vulnerable to cross-site scripting (XSS). Lack of HTML encoding allows a remote attacker to inject arbitrary Javascript into a victim’s browser via the title of the journal.

CPENameOperatorVersion
com.liferay.journal.taglible3.0.2
com.liferay.journal.taglible2.0.5
com.liferay.journal.taglible3.0.2
com.liferay.journal.taglible2.0.5