Description
Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Parameter Name text field.
Remediation
References
Related Vulnerabilities
WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more Cross-Site Scripting (1.6.9)
MySQL CVE-2021-35636 Vulnerability (CVE-2021-35636)
WordPress Plugin HubSpot All-In-One Marketing-Forms, Popups, Live Chat Cross-Site Scripting (7.5.5)
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2005-4875)
MediaWiki Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2022-34750)