CNNVD-202510-3212 Information
CNNVD ID
CNNVD-202510-3212
Related CVE
- CNNVD Published: 2025-10-23
Description (Chinese)
Liferay Portal和Liferay DXP都是美国Liferay公司的产品。Liferay Portal是一套基于J2EE的门户解决方案。该方案使用了EJB以及JMS等技术,并可作为Web发布和共享工作区、企业协作平台、社交网络等。Liferay DXP是一套数字化体验协作平台。 Liferay Portal 7.4.0版本至7.4.3.101版本和Liferay DXP 2023.Q3.1版本至2023.Q3.5版本和7.4 GA版本至update 92版本存在跨站脚本漏洞,该漏洞源于对附件文件名中特制有效载荷处理不当,可能导致跨站脚本攻击。
Description (English)
Liferay Portal and Liferay DXP are products of the United States company Liferay. Liferay Portal is a portal solution based on J2EE. The programme uses technologies such as EJB and JMS, and can be used as a Web-based workspace, corporate collaboration platform, social networking etc. Liferay DXP is a collaborative platform for digital experience. Liveray Portal version 7.4.0 to 7.4.3.101 and Liveray DXP version 2023.Q3.1 to 2023.Q3.5 and 7.4 GA version to update 92 have cross-site script loopholes, which result from inappropriate handling of specially made payloads in the name of the attached document and may result in cross-site script attacks.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Liferay
Published
2025-10-23
Last Modified
2026-02-24
References
Patch
https://www.liferay.com/zh/downloads-community
Share on: