Vulnerability CVE-2022-26596
Published: 2022-04-25

Description:
Cross-site scripting (XSS) vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via web content template names.

 References:
http://liferay.com
Copyright 2026, cxsecurity.com

 

Back to Top