During a web application penetration test for one of our clients, we identified two persistent Cross-Site Scripting (XSS) vulnerabilities in the Liferay DXP content management system.
Affected products and versions: Liferay Portal 7.3.5 through 22.214.171.124, and Liferay DXP 7.3 before update 6, and 7.4 before update 29
The vulnerable parameter of the POST HTTP request was:
In the second case, a persistent XSS vulnerability allows authenticated remote attackers to inject an arbitrary JavaScript payload into the Name text field of a category. This had a wider impact than the first vulnerability because it affected any asset that supports categories.
Affected products and versions: Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before update 9
The vulnerable parameter of the POST HTTP request was:
In both cases, a successful attack could lead to the execution of arbitrary actions by the victim user, potentially leading to privilege escalation.
Both issues were reported to the vendor, Liferay, through responsible disclosure and were assigned the following two CVE numbers:
The security problem was addressed and fixed in Liferay Portal 7.4 GA4 (126.96.36.199) and later.
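For the category Name issue described above, the following added example (not part of the original advisory and not Liferay code) shows a check a defender can run over exported category names to find stored markup, alongside HTML encoding of the name at output time. The `(category_id, name)` row format, the function names and the sample rows are assumptions made for illustration.

```python
import html
import re

# Patterns that should never appear in a field meant to hold plain text.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*[a-zA-Z]"   # start of an HTML tag
    r"|\bon\w+\s*="        # inline event-handler attribute
    r"|javascript\s*:",    # javascript: URL scheme
    re.IGNORECASE,
)


def audit_category_names(rows):
    """Return the (category_id, name) pairs whose name contains markup.

    rows: iterable of (category_id, name) tuples (assumed export format).
    """
    findings = []
    for category_id, name in rows:
        # Decode entities first so pre-encoded values are also caught.
        decoded = html.unescape(name)
        if SUSPICIOUS.search(decoded):
            findings.append((category_id, name))
    return findings


def render_category_label(name):
    """Encode the stored name for an HTML text context before output."""
    return '<span class="category">' + html.escape(name, quote=True) + "</span>"


# Constructed sample rows, not taken from a real system.
SAMPLE_ROWS = [
    (101, "Press releases"),
    (102, "R&D <2023>"),                              # benign use of < and &
    (103, "<img src=x onerror=alert(1)>"),            # stored markup
    (104, "&lt;script&gt;alert(1)&lt;/script&gt;"),   # entity-encoded markup
]

if __name__ == "__main__":
    for category_id, name in audit_category_names(SAMPLE_ROWS):
        print(f"review category {category_id}: {name!r}")
    print(render_category_label(SAMPLE_ROWS[2][1]))
```

Because the category name is shown wherever an asset lists its categories, the encoding belongs in the shared rendering path rather than in each individual view.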