CST-7046 Reflected XSS in JSONSWS API page

Description

A reflected cross-site scripting (XSS) vulnerability exist on the JSONWS API page. An attacker can potentially exploit this security vulnerability to insert malicious JavaScript into a page.

Severity

Severity 2

Fixed Version(s)

Acknowledgments

This issue was reported by Gergő Czuczor

Publication date: Tue, 29 May 2018 04:00:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.