Cross-Site Scripting (XSS)

2022-04-2607:03:56

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

42.7%

JSON

Liferay Layout SEO Web is vulnerable to stored cross-site scripting. The vulnerability exists in _getOpenGraphTag function in OpenGraphTopHeadDynamicInclude.java due to lack of html escaping which allows an attacker to inject and execute arbitrary javascript.

CPENameOperatorVersion
com.liferay.layout.seo.weble2.0.3
com.liferay.layout.seo.weble2.0.3

CPE	Name	Operator	Version
	com.liferay.layout.seo.web	le	2.0.3
	com.liferay.layout.seo.web	le	2.0.3

References

liferay.com

github.com/advisories/GHSA-3vww-jrmm-9vff

github.com/community-security-team/liferay-portal/commit/e5b78d435597cae33ad7024e9126b5cd3aa3033d

portal.liferay.dev/learn/security/known-vulnerabilities

0.001 Low

EPSS

Percentile

42.7%

JSON

Related for VERACODE:35253