Description
Multiple cross-site scripting (XSS) vulnerabilities in group/control_panel/manage in Liferay Portal 6.1.2 CE GA3, 6.1.X EE, and 6.2.X EE allow remote attackers to inject arbitrary web script or HTML via the (1) _2_firstName, (2) _2_lastName, or (3) _2_middleName parameter.
Remediation
References
Related Vulnerabilities
Joomla! Core 3.9.x Directory Traversal (3.9.3 - 3.9.5)
Oracle JRE CVE-2013-2456 Vulnerability (CVE-2013-2456)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-10086)
WordPress Plugin WordPress Facebook SQL Injection (1.0.13)
WordPress Plugin Advanced Classifieds & Directory Pro Local File Inclusion (3.1.3)