Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into page's "Name" text field.
{
"unresolved_ranges": [
{
"cpes": [
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_10:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_11:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_12:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_13:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_14:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_15:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_16:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_17:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_18:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_19:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_1:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_20:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_21:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_22:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_23:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_2:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_3:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_4:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_5:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_6:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_7:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_8:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.1:fix_pack_9:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:-:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update1:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update21:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update34:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update36:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update41:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update48:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update50:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update52:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update62:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update67:*:*:*:*:*:*",
"cpe:2.3:a:liferay:digital_experience_platform:7.4:update76:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "7.1-fix_pack_1"
},
{
"last_affected": "7.1-fix_pack_1"
},
{
"introduced": "7.1-fix_pack_10"
},
{
"last_affected": "7.1-fix_pack_10"
},
{
"introduced": "7.1-fix_pack_11"
},
{
"last_affected": "7.1-fix_pack_11"
},
{
"introduced": "7.1-fix_pack_12"
},
{
"last_affected": "7.1-fix_pack_12"
},
{
"introduced": "7.1-fix_pack_13"
},
{
"last_affected": "7.1-fix_pack_13"
},
{
"introduced": "7.1-fix_pack_14"
},
{
"last_affected": "7.1-fix_pack_14"
},
{
"introduced": "7.1-fix_pack_15"
},
{
"last_affected": "7.1-fix_pack_15"
},
{
"introduced": "7.1-fix_pack_16"
},
{
"last_affected": "7.1-fix_pack_16"
},
{
"introduced": "7.1-fix_pack_17"
},
{
"last_affected": "7.1-fix_pack_17"
},
{
"introduced": "7.1-fix_pack_18"
},
{
"last_affected": "7.1-fix_pack_18"
},
{
"introduced": "7.1-fix_pack_19"
},
{
"last_affected": "7.1-fix_pack_19"
},
{
"introduced": "7.1-fix_pack_2"
},
{
"last_affected": "7.1-fix_pack_2"
},
{
"introduced": "7.1-fix_pack_20"
},
{
"last_affected": "7.1-fix_pack_20"
},
{
"introduced": "7.1-fix_pack_21"
},
{
"last_affected": "7.1-fix_pack_21"
},
{
"introduced": "7.1-fix_pack_22"
},
{
"last_affected": "7.1-fix_pack_22"
},
{
"introduced": "7.1-fix_pack_23"
},
{
"last_affected": "7.1-fix_pack_23"
},
{
"introduced": "7.1-fix_pack_3"
},
{
"last_affected": "7.1-fix_pack_3"
},
{
"introduced": "7.1-fix_pack_4"
},
{
"last_affected": "7.1-fix_pack_4"
},
{
"introduced": "7.1-fix_pack_5"
},
{
"last_affected": "7.1-fix_pack_5"
},
{
"introduced": "7.1-fix_pack_6"
},
{
"last_affected": "7.1-fix_pack_6"
},
{
"introduced": "7.1-fix_pack_7"
},
{
"last_affected": "7.1-fix_pack_7"
},
{
"introduced": "7.1-fix_pack_8"
},
{
"last_affected": "7.1-fix_pack_8"
},
{
"introduced": "7.1-fix_pack_9"
},
{
"last_affected": "7.1-fix_pack_9"
},
{
"introduced": "7.4-NA"
},
{
"last_affected": "7.4-NA"
},
{
"introduced": "7.4-update1"
},
{
"last_affected": "7.4-update1"
},
{
"introduced": "7.4-update21"
},
{
"last_affected": "7.4-update21"
},
{
"introduced": "7.4-update34"
},
{
"last_affected": "7.4-update34"
},
{
"introduced": "7.4-update36"
},
{
"last_affected": "7.4-update36"
},
{
"introduced": "7.4-update41"
},
{
"last_affected": "7.4-update41"
},
{
"introduced": "7.4-update48"
},
{
"last_affected": "7.4-update48"
},
{
"introduced": "7.4-update50"
},
{
"last_affected": "7.4-update50"
},
{
"introduced": "7.4-update52"
},
{
"last_affected": "7.4-update52"
},
{
"introduced": "7.4-update62"
},
{
"last_affected": "7.4-update62"
},
{
"introduced": "7.4-update67"
},
{
"last_affected": "7.4-update67"
},
{
"introduced": "7.4-update76"
},
{
"last_affected": "7.4-update76"
}
],
"source": "CPE_STRING",
"vendor_product": "liferay:digital_experience_platform"
}
]
}