Description XSS exists in Liferay Portal before 7.0 CE GA4(7.0.3) via an invalid portletId. Remediation References CVE-2017-12645 Related Vulnerabilities WordPress Plugin Duplicate Post SQL Injection (1.1.9) Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8228) WordPress Plugin Tabs-Responsive Tabs with WooCommerce Product Tab Extension Cross-Site Scripting (3.7.1) Internet Information Services Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2002-1700) Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-0413) Severity Medium Classification CVE-2017-12645 CWE-707 Tags Missing Update Known Vulnerabilities