Listen to this Post
This CVE describes a Stored Cross-Site Scripting vulnerability within the Liferay Portal Commerce module, specifically affecting products of the ‘diagram’ type. The attack vector is a crafted SVG file uploaded to the platform. SVG files can contain JavaScript code within `
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent may adversely affect certain features and functions.
We do not sell your personal data. If you wish to exercise your rights under applicable privacy laws, please visit our Do Not Sell My Personal Information page.