Description

XSS exists in Liferay Portal before 7.0 CE GA4(7.0.3) via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.

Remediation

References

CVE-2016-10404

Related Vulnerabilities

WordPress Plugin Google Forms Unspecified Vulnerability (0.93)

Internet Information Services Other Vulnerability (CVE-2000-0951)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-5835)

MySQL CVE-2020-14614 Vulnerability (CVE-2020-14614)

WordPress Plugin MyBlogU Cross-Site Scripting (0.0.7)

Severity

Medium

Classification

CVE-2016-10404 CWE-707

Tags

Missing Update Known Vulnerabilities