Description
Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib.
Remediation
References
https://github.com/liferay/liferay-portal/commit/7e063aed70f947a92bb43a4471e0c4e650fe8f7f
Related Vulnerabilities
CVE-2021-43138 Vulnerability in maven package org.webjars:async
CVE-2011-4343 Vulnerability in maven package org.apache.myfaces.core:myfaces-impl
CVE-2018-1324 Vulnerability in maven package org.apache.commons:commons-compress
CVE-2022-2564 Vulnerability in npm package mongoose
CVE-2013-6372 Vulnerability in maven package org.jenkins-ci.plugins:subversion