Description
In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag.
Remediation
References
https://cxsecurity.com/issue/WLB-2017120169
Related Vulnerabilities
CVE-2021-41183 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery-ui
CVE-2023-27162 Vulnerability in maven package org.openapitools:openapi-generator-project
CVE-2020-7677 Vulnerability in npm package thenify
CVE-2021-41164 Vulnerability in npm package ckeditor4
CVE-2020-36632 Vulnerability in maven package org.webjars.npm:flat