XSS Vulnerability present when using Web Content Article's source code
How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!
While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines. We appreciate your understanding and encourage you to reach out with any feedback or concerns.
Issue
- We've observed an XSS vulnerability when using a Web Content Article's source code.
- The vulnerability appears when a payload is deployed through the article's source code.
- Steps to reproduce:
  - Create a Web Content Article.
  - Edit the <> Source Code and add the payload:
    synack<img src=x onerror=alert(location)>
  - Publish.
  - Attempt to edit/preview the article and observe that a pop-up window appears containing what appears to be a path to the article.
Resolution
- This behavior has been addressed in LPE-17988. Please request a hotfix including this LPE to resolve the behavior.
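Until the hotfix for LPE-17988 is installed, existing articles can be audited for markup like the payload in the reproduction steps. The Python sketch below is an added example, not Liferay code: it assumes article bodies have already been exported as HTML strings, and the names `audit_article`, `ActiveContentFinder` and the sample articles are constructed for illustration.

```python
from html.parser import HTMLParser

# Elements that run or embed active content by themselves.
ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
# Attributes whose value is a URL and may carry a javascript: scheme.
URL_ATTRS = {"href", "src", "action", "formaction"}


class ActiveContentFinder(HTMLParser):
    """Records (line, tag, reason) for markup that can execute script."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line, _ = self.getpos()  # line of the tag within the article source
        if tag in ACTIVE_TAGS:
            self.findings.append((line, tag, "active element"))
        for name, value in attrs:  # names arrive lower-cased, values unescaped
            if name.startswith("on"):
                self.findings.append((line, tag, "event handler " + name))
            elif name in URL_ATTRS and value:
                if value.strip().lower().startswith("javascript:"):
                    self.findings.append((line, tag, "javascript: URL in " + name))


def audit_article(html):
    """Return the findings for one article body (an HTML string)."""
    finder = ActiveContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample data; article-1 holds the payload from the steps above.
SAMPLES = {
    "article-1": "synack<img src=x onerror=alert(location)>",
    "article-2": '<p>Quarterly update</p>\n<a href="/docs/report">Report</a>',
    "article-3": "<p>Intro</p>\n<script>track()</script>",
}

if __name__ == "__main__":
    for article_id, body in SAMPLES.items():
        for line, tag, reason in audit_article(body):
            print(f"{article_id}: line {line}: <{tag}> {reason}")
```

A finding marks an article for manual review; legitimate embeds such as iframes will also be listed.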