Description
<!--td {border: 1px solid #cccccc;}br {mso-data-placement:same-cell;}-->A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.15, 2025.Q2.0 through 2025.Q2.2 and 2024.Q1.13 through 2024.Q1.19 allows a remote authenticated user to inject JavaScript code via snippet parameter.
Remediation
References
Related Vulnerabilities
SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-0932)
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-4301)
WordPress 3.9.x Cross-Site Scripting Vulnerability (3.9 - 3.9.9)
WordPress Plugin Media Library Assistant Multiple Cross-Site Scripting Vulnerabilities (2.73)