Description
In Liferay Portal 7.1 CE GA4, multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML into a page.
Severity
Severity 2
Fixed Version(s)
- March 2020 source patch for Liferay Portal 7.1.3. Details for working with source patches can be found on the Patching Liferay Portal page.
Acknowledgments
Some vulnerabilities reported by Dennis Van Elst
Publication date: Tue, 25 Jun 2019 22:36:00 +0000