Description
A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter.
Remediation
References
Related Vulnerabilities
ColdFusion User-Agent cross-site scripting
Apache HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-22721)
WordPress Plugin Slideshow Gallery LITE Cross-Site Scripting (1.6.4)
PHP Improper Input Validation Vulnerability (CVE-2012-0831)
WordPress Plugin Wordspew 'id' Parameter SQL Injection (1.16)