com.liferay.calendar.web is vulnerable to cross-site scripting (XSS). An attacker is able to inject and execute arbitrary Javascript code in a user’s browser via the username, lastname and surname fields from profile page.
CPE | Name | Operator | Version |
---|---|---|---|
com.liferay.calendar.web | le | 3.0.17 | |
com.liferay.calendar.web | le | 1.0.82 | |
com.liferay.calendar.web | le | 2.0.38 |