Description

Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter.

Remediation

References

CVE-2017-1000425

Related Vulnerabilities

Jboss EAP CVE-2017-12189 Vulnerability (CVE-2017-12189)

WordPress Plugin Ultimate Gift Cards For WooCommerce Cross-Site Request Forgery (2.1.1)

ownCloud Improper Input Validation Vulnerability (CVE-2012-2270)

Drupal Core 6.x Cross-Site Scripting (6.0 - 6.11)

WordPress Plugin TemplatesNext ToolKit Cross-Site Scripting (3.2.7)

Severity

Medium

Classification

CVE-2017-1000425 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities