Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2022-38902
Reference:
CVE-2022-38902
Title:
Liferay Portal Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
A Cross-site scripting (XSS) vulnerability in the Blog module - add new topic functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the name field of newly created topic.