Description
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the modules/apps/marketplace/marketplace-app-manager-web.
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy2Map Photos Multiple Vulnerabilities (1.0.9)
WordPress Plugin Welcart e-Commerce PHP Object Injection (1.9.3)
WordPress Plugin Magic Post Voice Cross-Site Scripting (1.2)
WordPress Plugin Lightbox Gallery Cross-Site Scripting (0.9.4)
LimeSurvey Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2019-16175)