Description
In Liferay Portal and Liferay DXP, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated users to inject arbitrary web script or HTML (XSS) via a crafted payload injected into a blog entry’s content text field.
Severity
9.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Affected Version(s)
- Liferay Portal 7.4.0 through 7.4.3.12
- Liferay Portal 7.3.0 through 7.3.7
- Liferay Portal 7.2.0 and 7.2.1
- Liferay Portal, older unsupported versions
- Liferay DXP 7.4 before update 9
- Liferay DXP 7.3 before update 4
- Liferay DXP 7.2 before fix pack 19
- Liferay DXP, older unsupported versions
Fixed Version(s)
- Liferay Portal 7.4.3.13
- Liferay DXP 7.4 update 9
- Liferay DXP 7.3 update 4
- Liferay DXP 7.2 fix pack 19
Notes
Workaround:
Navigate to: System Settings > Security Tools > AntiSamy Sanitizer
and remove com.liferay.blogs.model.BlogsEntry from the Whitelist
Publication date: Tue, 20 Feb 2024 12:30:00 +0000