Vulnerabilities

CVE-2019-6588

by Fred · 03/06/2019

In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call " /> or " />. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable.

Date published : 2019-06-03

https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-71/-/asset_publisher/7v4O7y85hZMo/content/cst-7130-multiple-xss-vulnerabilities-in-7-1-ce-ga3

http://packetstormsecurity.com/files/153252/Liferay-Portal-7.1-CE-GA4-Cross-Site-Scripting.html

Similar

Tags: Cybersecurity Alert