Description
Liferay Portal v7.1.0 through v7.4.2 and Liferay DXP 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 was discovered to contain a cross-site scripting (XSS) vulnerability in the Portal Search module's Custom Facet widget. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Parameter Name text field.
Remediation
References
Related Vulnerabilities
WordPress Plugin Images Lazyload and Slideshow Cross-Site Scripting (3.2)
OpenSSL Cryptographic Issues Vulnerability (CVE-2014-3570)
Joomla Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-4104)
WordPress Plugin BadgeOS SQL Injection (3.7.0)
Liferay Portal Deserialization of Untrusted Data Vulnerability (CVE-2019-16891)