com.liferay:com.liferay.layout.admin.web is vulnerable to cross-site scripting. The library does not properly escape the COLLECTION_NAME parameter before it is output to the front end, allowing an attacker to inject and execute malicious JavaScript.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | com.liferay.layout.admin.web | le | 4.0.80 |