CST-7019 DoS vulnerability via SessionClicks

Description

Unsanitized data in SessionClicks allows an attacker to cause a denial-of-service (DoS) via crafted URLs. The denial-of-service is limited to users who have clicked on the crafted URL, and it may prevent those users from accessing some portlets.

Severity

Severity 2

Fixed Version(s)

Acknowledgments

This issue was reported by Marko Winkler.

Publication date: Mon, 26 Jun 2017 09:00:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historical advisories are available in the Help Center.