CST-7310 Reflected XSS in Page Fragments' edit page

Description

Multiple cross-site scripting (XSS) vulnerabilities in the fragment module in Liferay Portal 7.1.0 through 7.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) _com_liferay_fragment_web_portlet_FragmentPortlet_htmlContent, (2) _com_liferay_fragment_web_portlet_FragmentPortlet_cssContent, or (3) _com_liferay_fragment_web_portlet_FragmentPortlet_jsContent parameter.

Severity

Severity 2

Fixed Version(s)

Publication date: Mon, 31 Aug 2020 17:00:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.