Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability (CNVD-2022-19497)

Liferay Portal and Liferay DXP are both products of Liferay, a J2EE-based portal solution that uses EJB and JMS technologies and serves as a web publishing and shared workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform. Liferay Portal and Liferay DXP are cross-site scripting vulnerabilities that can be exploited by remote attackers to create a web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP is a digital experience collaboration platform. asset_list_web_portlet_AssetListPortlet_title parameter to inject arbitrary web script or HTML when creating a collection page.