CVE-2022-38902
published 2022-10-13CVE-2022-38902: A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| liferay | dxp | — | — |
| liferay | liferay_portal | 7.3.0 – 7.4.0 | — |