Description
In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with double-encoded URLs.
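The following added example (not Liferay's code and not part of the original advisory) models this class of bypass in general terms: a banned-path check that matches after a single decoding pass, beside a hardened check that decodes to a fixed point before matching and fails closed on excessive nesting. The regex value, `MAX_DECODE_ROUNDS`, the function names and the sample paths are all assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed stand-in for the configured value of
# portlet.resource.id.banned.paths.regexp (not copied from Liferay).
BANNED_PATHS = re.compile(r".*/(?:META-INF|WEB-INF)/.*", re.IGNORECASE)

MAX_DECODE_ROUNDS = 5  # hypothetical limit; deeper nesting is rejected outright


def naive_is_banned(resource_id: str) -> bool:
    """Weak form: match the value after a single decoding pass."""
    return BANNED_PATHS.fullmatch(unquote(resource_id)) is not None


def fully_decode(resource_id: str) -> str:
    """Percent-decode until the value stops changing (a fixed point)."""
    current = resource_id
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(current)
        if decoded == current:
            return current
        current = decoded
    raise ValueError("resource id is encoded too many times")


def hardened_is_banned(resource_id: str) -> bool:
    """Hardened form: match the banned regex against the fully decoded value."""
    try:
        return BANNED_PATHS.fullmatch(fully_decode(resource_id)) is not None
    except ValueError:
        return True  # fail closed on excessive nesting


# Constructed sample inputs.
SAMPLES = {
    "plain": "/html/portlet/view.jsp",
    "direct": "/WEB-INF/web.xml",
    "single_encoded": "/%57EB-INF/web.xml",
    "double_encoded": "/%2557EB-INF/web.xml",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(f"{label:15} naive={naive_is_banned(value)!s:5} "
              f"hardened={hardened_is_banned(value)}")
```

The double-encoded sample is the only one where the two checks disagree, which makes it a useful regression case when validating a patched or reconfigured filter.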
Remediation
References