Description
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call
Remediation
References
https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-71/-/asset_publisher/7v4O7y85hZMo/content/cst-7130-multiple-xss-vulnerabilities-in-7-1-ce-ga3
http://packetstormsecurity.com/files/153252/Liferay-Portal-7.1-CE-GA4-Cross-Site-Scripting.html
Related Vulnerabilities
CVE-2017-1000393 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2014-0035 Vulnerability in maven package org.apache.cxf:cxf-rt-ws-security
CVE-2021-21610 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2019-1003044 Vulnerability in maven package org.jenkins-ci.plugins:slack