Description
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call.
Remediation
References
http://packetstormsecurity.com/files/153252/Liferay-Portal-7.1-CE-GA4-Cross-Site-Scripting.html
https://dev.liferay.com/web/community-security-team/known-vulnerabilities/liferay-portal-71/-/asset_publisher/7v4O7y85hZMo/content/cst-7130-multiple-xss-vulnerabilities-in-7-1-ce-ga3
Related Vulnerabilities
CVE-2018-8041 Vulnerability in maven package org.apache.camel:camel-mail
CVE-2022-45395 Vulnerability in maven package com.thalesgroup.jenkins-ci.plugins:cccc
CVE-2022-23710 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2020-6532 Vulnerability in maven package org.webjars.npm:electron
CVE-2022-34179 Vulnerability in maven package org.jenkins-ci.plugins:embeddable-build-status