WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-12645)

Description

XSS exists in Liferay Portal before 7.0 CE GA4(7.0.3) via an invalid portletId.

Remediation

References

Related Vulnerabilities

WordPress Plugin Duplicate Post SQL Injection (1.1.9)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8228)

WordPress Plugin Tabs-Responsive Tabs with WooCommerce Product Tab Extension Cross-Site Scripting (3.7.1)

Internet Information Services Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2002-1700)

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-0413)

Severity

Medium

Classification

CVE-2017-12645 CWE-707

Tags

Missing Update Known Vulnerabilities