Description
Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via crafted javascript: style links.
Remediation
References
Related Vulnerabilities
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-7491)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-2600)
WordPress Plugin Simple:Press 'sf-header-forum.php' SQL Injection (4.3.0)
WordPress Plugin WP REST API (WP API) Cross-Site Scripting (1.2.2)
Drupal Improper Privilege Management Vulnerability (CVE-2017-6924)