Description
In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag.
Remediation
References
https://cxsecurity.com/issue/WLB-2017120169
Related Vulnerabilities
CVE-2023-40989 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-common
CVE-2023-46604 Vulnerability in maven package org.apache.activemq:activemq-openwire-legacy
CVE-2021-33605 Vulnerability in maven package com.vaadin:vaadin-checkbox-flow
CVE-2016-10735 Vulnerability in maven package org.webjars:bootstrap
CVE-2021-23463 Vulnerability in maven package com.h2database:h2