Description
XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL.
Remediation
References
https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-70/-/asset_publisher/cjE0ourZXJZE/content/cst-7017-multiple-xss-vulnerabilities
https://github.com/brianchandotcom/liferay-portal/pull/47888
Related Vulnerabilities
CVE-2021-41182 Vulnerability in maven package org.webjars.bower:jquery-ui
CVE-2020-36629 Vulnerability in npm package httpster
CVE-2022-25231 Vulnerability in npm package node-opcua
CVE-2022-25857 Vulnerability in maven package org.yaml:snakeyaml
CVE-2022-24948 Vulnerability in maven package org.apache.jspwiki:jspwiki-main