CVE-2022-38901
CVE-2022-38901CVE-2022-38901
liferay / dxp
Description
A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file.
Scoring
| CVSS | 5.4 () |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| Last modified | 2026-07-05 |