CST-7107 HTML injection in notification emails

Description

Notification emails sent to users in Liferay Portal 7.1 CE GA1 is vulnerable to HTML injection. An attacker can exploit this vulnerability for phishing attacks.

Severity

Severity 2

Fixed Version(s)

Publication date: Mon, 12 Nov 2018 09:39:00 +0000

Security advisories for Liferay's enterprise offerings (e.g., Liferay DXP) are only listed here since 2023. Historial advisories are availabe in the Help Center.