Liferay Portal is vulnerable for Cross site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a victim’s browser via the p_p_id
parameter in the Plugins Confguration section of Control Panel.
CPE | Name | Operator | Version |
---|---|---|---|
liferay portal impl | eq | 5.2.3 | |
liferay portal service | eq | 5.2.3 |