Description
A Cross-site scripting (XSS) vulnerability in the Sharing module's user notification in Liferay Portal 7.2.1 through 7.4.2, and Liferay DXP 7.2 before fix pack 19, and 7.3 before update 4 allows remote attackers to inject arbitrary web script or HTML by sharing an asset with a crafted payload.
Remediation
References
Related Vulnerabilities
Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.3)
Ruby on Rails Resource Management Errors Vulnerability (CVE-2015-7581)
WordPress Plugin WordPress Affiliates-SliceWP Cross-Site Scripting (1.0.45)
WordPress Plugin Debug Bar Unspecified Vulnerability (0.8)
Oracle Database Server CVE-2015-4740 Vulnerability (CVE-2015-4740)