CVE-2020-7934

MEDIUM LAB

Liferay Portal 7.1.0-7.2.1 GA2 - Stored Cross-Site Scripting in User Account Name Fields

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2020-7934. PoCs published by 3ndG4me, giardinas-dev.

AI-analyzed exploit summary This is a proof-of-concept for a stored XSS vulnerability in LifeRay 7.2.1 GA2. It demonstrates credential phishing by prompting the user for email and password, then sending the captured data to an attacker-controlled server.

Description

In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for user accounts in MyAccountPortlet are all vulnerable to a persistent XSS issue. Any user can modify these fields with a particular XSS payload, and it will be stored in the database. The payload will then be rendered when a user utilizes the search feature to search for other users (i.e., if a user with modified fields occurs in the search results). This issue was fixed in Liferay Portal CE version 7.3.0 GA1.

Exploits (3)

exploitdb WORKING POC
by 3ndG4me · textwebappsmultiple
https://www.exploit-db.com/exploits/49091

This is a proof-of-concept for a stored XSS vulnerability in LifeRay 7.2.1 GA2. It demonstrates credential phishing by prompting the user for email and password, then sending the captured data to an attacker-controlled server.

Classification
Working Poc 100%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: LifeRay 7.1.0 to 7.2.1 GA2
No auth needed
Prerequisites: A vulnerable LifeRay instance with a field that allows script injection · Ability to host the malicious JavaScript on an attacker-controlled server
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 6 stars
by 3ndG4me · poc
https://github.com/3ndG4me/liferay-xss-7.2.1GA2-poc-report-CVE-2020-7934

This repository contains a functional proof-of-concept for CVE-2020-7934, an authenticated stored XSS vulnerability in Liferay Portal 7.2.1 GA2. The exploit demonstrates how malicious JavaScript can be injected into user profile fields and executed when another user searches for the infected profile.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Liferay Portal 7.2.1 GA2
Auth required
Prerequisites: Access to a user account with editable profile fields · User must be searchable in Liferay
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by giardinas-dev · poc
https://github.com/giardinas-dev/audit-xss-cve-2020-7934

This repository contains a functional proof-of-concept for CVE-2020-7934, a stored XSS vulnerability in Liferay Portal 7.2.1 GA2. The exploit demonstrates credential phishing by injecting malicious JavaScript into a user's profile field, which executes when an admin views the user's details.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: Liferay Portal 7.2.1 GA2
Auth required
Prerequisites: Docker for environment setup · Admin access to Liferay Portal · User registration in Liferay
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 5.4
EPSS 0.0446
EPSS Percentile 90.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Lab Environment

COMMUNITY
Community Lab
docker pull liferay/portal:7.2.1-ga2

Details

CWE
CWE-79
Status published
Products (2)
com.liferay.portal/release.portal.bom 7.1.0 - 7.3.0Maven
liferay/liferay_portal 7.1.0 - 7.2.1
Published Jan 28, 2020
Tracked Since Feb 18, 2026