com.liferay.asset.browser.web is vulnerable to cross-site scripting (XSS). The vulnerability exists as the values of assetRenderer.getTitle(locale)
and assetRenderer.getSummary(renderRequest, renderResponse)
in resources/view.jsp
is not sanitized.
dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities
github.com/brianchandotcom/liferay-portal//commit/92c17a6ce69b0780eb0b6da6d399f8dff5703576
github.com/brianchandotcom/liferay-portal/pull/47579