Cross-site scripting (XSS) vulnerability in the Layout module’s page administration page in Liferay Portal 7.3.4, 7.3.5 and Liferay DXP 7.2 before fix pack 11 and 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_name parameter.
CPE | Name | Operator | Version |
---|---|---|---|
dxp | eq | 7.2 fixpack2 | |
dxp | eq | 7.2 fixpack3 | |
dxp | eq | 7.2 fixpack4 | |
dxp | eq | 7.2 fixpack5 | |
dxp | eq | 7.2 fixpack1 | |
dxp | eq | 7.2 | |
dxp | eq | 7.2 fixpack6 | |
dxp | eq | 7.2 fixpack7 | |
dxp | eq | 7.2 fixpack8 | |
dxp | eq | 7.2 fixpack9 |