A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to inject arbitrary web script or HTML code into the context of another logged-in user via a crafted payload injected into the name of a tag.

CVE References Severity CVE-2017-9241 A CVSS v3 Severity rating Medium CVE-2017-9242 A CVSS v3 Severity rating Medium CVE-2017-9243 A CVSS v3 Severity rating Medium CVE-2017-9244 A CVSS v3 Severity rating Medium CVE-2017-9245 A CVSS v3 Severity rating Medium CVE-2017-9246 A CVSS v3 Severity rating Medium An information disclosure vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to access sensitive information via a crafted request when the “Email address confirmation” feature is enabled.

CVE-2017-9247 An information disclosure vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to access sensitive information via a crafted request.

CVE-2017-9250 An information disclosure vulnerability in Liferay Portal

^^

Cross-site scripting (XSS) vulnerability^
A cross-site scripting (XSS) vulnerability in Liferay Portal v7.3.3 through v7.4.2 and Liferay DXP v7.3 before service pack 3 allows attackers to inject arbitrary web script or HTML code into the context of another logged-in user via a crafted payload injected into the name of a tag.

Timeline

Published on: 09/22/2022 00:15:00 UTC
Last modified on: 09/23/2022 14:09:00 UTC

References