This results in a cross site scripting (XSS) vulnerability. A successful exploit can lead to information disclosure and potential data loss. CVE-2018-1314 A XSS vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file. This results in a cross site scripting (XSS) vulnerability. A successful exploit can lead to information disclosure and potential data loss. - An unauthenticated remote attacker can upload a malicious image through the file upload functionality. - Remote attackers can inject arbitrary javascript code, which will be executed by the victim when they access a specially crafted website through the XSS vulnerability. - A successful exploit can result in information disclosure and potential data loss. CVE-2018-1315 A XSS vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file. This results in a cross site scripting (XSS) vulnerability. A successful exploit can lead to information disclosure and potential data loss. - An unauthenticated remote attacker can upload a malicious image through the file upload functionality

Liferay design principles and architecture

Liferay was designed with a few principles in mind. First, it's written to be easy to use. It also has a powerful architecture that allows for huge scalability and flexibility. This is why Liferay is able to handle large-scale enterprise portals with complex business requirements. The design of Liferay also helps it scale without breaking down under the load of too many people accessing it at once.

Timeline

Published on: 10/19/2022 02:15:00 UTC
Last modified on: 10/21/2022 20:19:00 UTC

References