LSV-748: XSS with the title of a modal window

Cross-site scripting (XSS) vulnerability in the Frontend JS module in Liferay DXP 7.0, 7.1 and 7.2 allows remote attackers to inject arbitrary web script or HTML via the title of a modal window.

Activity

Show:

Fixed

Pinned fields

Click on the next to a field label to start pinning.

Details
Assignee
EE Support
Reporter
Roland Pákai(Deactivated)
Priority
Low
Components

Zendesk Support

Created September 11, 2020 at 4:25 AM

Updated August 2, 2021 at 12:00 AM

Resolved November 6, 2020 at 5:32 AM

LSV-748: XSS with the title of a modal window

Affects versions

Fix versions

7.0 Fix Pack Version

7.1 Fix Pack Version

7.2 Fix Pack Version

7.3 Fix Pack Version

7.4 Fix Pack Version

CVE IDs

CVSS Base Score

CVSS Vector String

Labels

Description

Activity

DetailsAssigneeEE SupportEE SupportReporterRoland PákaiRoland Pákai(Deactivated)PriorityLowComponents

Details

Assignee

Reporter

Priority

Components

Zendesk SupportLinked Tickets

Zendesk Support

Details
Assignee
EE Support
Reporter
Roland Pákai(Deactivated)
Priority
Low
Components

Zendesk Support