Legacy Knowledge Base
Published Jul. 2, 2025

Stored XSS with Blog

Written By

Kanchan Bisht

How To articles are not official guidelines or officially supported documentation. They are community-contributed content and may not always reflect the latest updates to Liferay DXP. We welcome your feedback to improve How To articles!

While we make every effort to ensure this Knowledge Base is accurate, it may not always reflect the most recent updates or official guidelines. We appreciate your understanding and encourage you to reach out with any feedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack" publication program, made available for informational purposes. Articles in this program were published without a requirement for independent editing or verification and are provided "as is" without guarantee.

Before using any information from this article, independently verify its suitability for your situation and project.

Issue

  • Steps to reproduce:
    1) Add a Blogs widget to a page
    2) Add a blog entry
    3) In the content field, switch to code view (or source view)
    4) Enter a script in the content field.
    5) View the newly added blog entry
    Observed Behavior: The script runs
    Expected Behavior: Script doesn't run.
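
A regression check for step 5, added here as an example (not code from this article or from Liferay): given the HTML of one rendered blog entry body, it reports markup a browser would execute. It also flags inline event handlers and `javascript:` URLs, which goes beyond the script element in the steps. The sample fragments are constructed, and extracting the entry body from the full page is assumed to be done by the caller.

```python
from html.parser import HTMLParser

# Attributes whose value a browser treats as a URL to load or navigate to.
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}


class ActiveContentFinder(HTMLParser):
    """Records markup in an HTML fragment that a browser would execute."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (line number, description)

    def handle_starttag(self, tag, attrs):
        line, _ = self.getpos()
        if tag == "script":
            self.findings.append((line, "script element"))
        for name, value in attrs:
            # Browsers strip tabs and newlines from URLs; removing all
            # whitespace here errs toward flagging.
            compact = "".join((value or "").split()).lower()
            if name.startswith("on") and len(name) > 2:
                self.findings.append((line, f"inline handler {name}"))
            elif name in URL_ATTRS and compact.startswith("javascript:"):
                self.findings.append((line, f"javascript: URL in {name}"))


def find_active_content(fragment):
    """Return findings for the rendered body of one blog entry."""
    finder = ActiveContentFinder()
    finder.feed(fragment)
    finder.close()
    return finder.findings


# Constructed samples: the entry body as rendered in step 5.
RENDERED_RAW = '<p>Release notes</p>\n<script>console.log("marker")</script>'
RENDERED_ESCAPED = ('<p>Release notes</p>\n'
                    '&lt;script&gt;console.log("marker")&lt;/script&gt;')
RENDERED_HANDLER = '<p onclick="console.log(1)">Release notes</p>'

if __name__ == "__main__":
    for label, body in [("raw", RENDERED_RAW), ("escaped", RENDERED_ESCAPED),
                        ("handler", RENDERED_HANDLER)]:
        print(label, find_active_content(body) or "no active content")
```

An empty result for the entry body matches the expected behavior; any finding matches the observed behavior.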

Environment

  • Liferay DXP 7.1
  • Liferay DXP 7.2
  • Liferay DXP 7.3

Resolution

  • The observed behavior is a known bug in Liferay DXP and is addressed by LPS-147320.

Additional Information

  • If you need the hotfix for this issue, please create a support ticket requesting it and attach your patch details.
  • The article "Installing Fix Packs and Hotfixes on Liferay DXP" explains how to install the fix pack or hotfix in your environment.