Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Liferay Digital Experience Platform 跨站脚本漏洞
Vulnerability Description
Liferay Digital Experience Platform是美国Liferay公司的一种新兴的企业软件。旨在满足正在进行数字化转型的公司的需求,最终目标是提供更好的客户体验。 Liferay Digital Experience Platform 7.3.10 SP3版本存在安全漏洞。攻击者利用该漏洞将任意JS脚本或HTML注入svg文件的description字段。
CVSS Information
N/A
Vulnerability Type
N/A