GHSA-px38-239g-x5mg: Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page
Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy’s Service Class text field.
- CVE-2023-37940
Moderate severity • GitHub Reviewed • Published Dec 18, 2024 to the GitHub Advisory Database • Updated Dec 18, 2024
Package
com.liferay.portal:release.dxp.bom (Maven)
Affected versions
>= 7.0, < 7.3.10.u30
>= 7.4, < 7.4.13.u88
Patched versions
7.3.10.u30
7.4.13.u88
com.liferay.portal:release.portal.bom (Maven)