WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-12648)

Description

XSS exists in Liferay Portal before 7.0 CE GA4(7.0.3) via a bookmark URL.

Remediation

References

Related Vulnerabilities

WordPress Plugin Real WYSIWYG Cross-Site Scripting (0.0.2)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-27957)

Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-3719)

WordPress Plugin HTML5 AV Manager for WordPress 'custom.php' Arbitrary File Upload (0.2.7)

WordPress Plugin Processing Embed 'pluginurl' Parameter Cross-Site Scripting (0.5)

Severity

Medium

Classification

CVE-2017-12648 CWE-707

Tags

Missing Update Known Vulnerabilities