Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's "Name" text field.
{ "cpes": [ "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_10:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_11:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_12:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_13:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_14:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_15:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_16:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_17:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_18:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_19:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_1:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_20:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_21:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_22:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_23:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_2:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_3:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_4:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_5:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_6:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_7:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_8:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_9:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*", "cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*" ], "severity": "Medium" }