CVE-2022-38901 Information

Description

A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file.

Reference

http://liferay.com https://www.offensity.com/en/blog/authenticated-persistent-xss-in-liferay-dxp-cms-cve-2022-38901-and-cve-2022-38902/ https://drive.proton.me/urls/D27RQ14NGW#b71d8XrBl2Mu https://drive.proton.me/urls/D27RQ14NGW#b71d8XrBl2Mu