Cross-site scripting (XSS) vulnerability in the Asset module's asset categories selector in Liferay Portal 7.3.3 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the name of a asset category.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-04-19T12:46:15
Updated: 2024-08-03T05:03:33.251Z
Reserved: 2022-03-07T00:00:00
Link: CVE-2022-26593
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-04-19T13:15:08.393
Modified: 2022-04-27T17:44:30.747
Link: CVE-2022-26593
Redhat
No data.