Description
Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into an organization’s “Name” text field
Remediation
References
Related Vulnerabilities
Drupal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-13675)
silverstripeCMS Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-25817)
Apache Tomcat Deserialization of Untrusted Data Vulnerability (CVE-2020-9484)
WordPress Plugin Minimal Coming Soon & Maintenance Mode-Coming Soon Page Security Bypass (2.15)
WordPress Plugin AccessPress Social Icons SQL Injection (1.8.0)