Listen to this Post
This vulnerability is a reflected Cross-Site Scripting (XSS) flaw in the search bar portlet of Liferay Portal and Liferay DXP. The issue originates from the `getSearchURL()` method within the `SearchBarPortletDisplayContext` object, which returns a user-controlled URL value without proper sanitization. Specifically, the vulnerability exists in the `view.jsp` file where the unescaped output of `getSearchURL()` is rendered as the `action` attribute of an HTML `
