Description

In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call or . Liferay Portal out-of-the-box behavior with no customizations is not vulnerable.

Remediation

References

http://packetstormsecurity.com/files/153252/Liferay-Portal-7.1-CE-GA4-Cross-Site-Scripting.html

https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-71/-/asset_publisher/7v4O7y85hZMo/content/cst-7130-multiple-xss-vulnerabilities-in-7-1-ce-ga3

Related Vulnerabilities

CVE-2020-2258 Vulnerability in maven package org.jenkins-ci.plugins:cloudbees-jenkins-advisor

CVE-2022-46682 Vulnerability in maven package org.jenkins-ci.plugins:plot

CVE-2019-10376 Vulnerability in maven package org.jenkins-ci.plugins:jenkinswalldisplay

CVE-2019-19135 Vulnerability in maven package org.eclipse.milo:sdk-client

CVE-2020-6422 Vulnerability in npm package electron

Severity

Medium

Classification

CWE-79 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Vendor Advisory