Unrated severityNVD Advisory· Published Oct 19, 2022· Updated May 9, 2025
CVE-2022-38901
CVE-2022-38901
Description
A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: =7.3.10 SP3
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.