Liferay Layout SEO Web is vulnerable to stored cross-site scripting. The vulnerability exists in _getOpenGraphTag
function in OpenGraphTopHeadDynamicInclude.java
due to lack of html escaping which allows an attacker to inject and execute arbitrary javascript.
CPE | Name | Operator | Version |
---|---|---|---|
com.liferay.layout.seo.web | le | 2.0.3 | |
com.liferay.layout.seo.web | le | 2.0.3 |