Description
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call
Remediation
References
http://packetstormsecurity.com/files/153252/Liferay-Portal-7.1-CE-GA4-Cross-Site-Scripting.html
https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-71/-/asset_publisher/7v4O7y85hZMo/content/cst-7130-multiple-xss-vulnerabilities-in-7-1-ce-ga3