Description
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2024.Q1.1 through 2024.Q1.18 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code via _com_liferay_commerce_product_definitions_web_internal_portlet_CPDefinitionsPortlet_productTypeName parameter. This malicious payload is then reflected and executed within the user's browser.
Remediation
References
Related Vulnerabilities
TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-20114)
WordPress Plugin Wonder PDF Embed Cross-Site Scripting (1.6)
MySQL CVE-2019-2791 Vulnerability (CVE-2019-2791)
MySQL CVE-2018-2767 Vulnerability (CVE-2018-2767)
WordPress Plugin wp Dreamwork Gallery 'upload.php' Arbitrary File Upload (2.1)