[LPE-17406] LSV-954: Stored XSS with search results if highlighting is disabled - Liferay Issues

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 7.1 DXP (7.1.10)
Fix Version/s: 7.1.x EE
Component/s: None
Labels:

CVSS Base Score:
5.4
CVSS Vector String:
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
7.1 Fix Pack Version:
27

Description

Cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay DXP allows remote attackers to inject arbitrary web script or HTML into the Search Result app's search result by adding any searchable content (e.g., blog, message board message, web content article) to the application.

Attachments

Activity

People

Assignee:: EE Support

Reporter:: Enterprise Release HU

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 26/Oct/21 6:58 AM

Updated:: 13/Jul/22 3:14 PM

Resolved:: 13/Jul/22 3:14 PM

Packages

Version	Package
7.1.x EE