Description
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call
Remediation
References
http://packetstormsecurity.com/files/153252/Liferay-Portal-7.1-CE-GA4-Cross-Site-Scripting.html
https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-71/-/asset_publisher/7v4O7y85hZMo/content/cst-7130-multiple-xss-vulnerabilities-in-7-1-ce-ga3
Related Vulnerabilities
CVE-2020-2258 Vulnerability in maven package org.jenkins-ci.plugins:cloudbees-jenkins-advisor
CVE-2022-46682 Vulnerability in maven package org.jenkins-ci.plugins:plot
CVE-2019-10376 Vulnerability in maven package org.jenkins-ci.plugins:jenkinswalldisplay
CVE-2019-19135 Vulnerability in maven package org.eclipse.milo:sdk-client