Description
XSS exists in Liferay Portal before 7.0 CE GA4(7.0.3) via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2023-21841 Vulnerability (CVE-2023-21841)
WordPress Plugin flickrRSS Multiple Vulnerabilities (5.3.1)
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-33331)
WordPress Plugin WordPress-Amazon-Associate (WPAA) Cross-Site Scripting (2.0)
Drupal Improper Input Validation Vulnerability (CVE-2014-5019)