Security Advisory

CVE-2022-28978

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-09-21 23:38:59

Last updated 2025-05-27 18:52:38

Assigner mitre

State PUBLISHED

Description

Stored cross-site scripting (XSS) vulnerability in the Site modules user membership administration page in Liferay Portal 7.0.1 through 7.4.1, and Liferay DXP 7.0 before fix pack 102, 7.1 before fix pack 26, 7.2 before fix pack 15, and 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the a users name.

← Browse all CVEs View on cve.org ↗