Description

XSS exists in Liferay Portal before 7.0 CE GA4(7.0.3) via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.

Remediation

References

CVE-2016-10404

Related Vulnerabilities

Apache Tomcat Numeric Errors Vulnerability (CVE-2014-0099)

WordPress Plugin bbPress Security Bypass (2.6.3)

Envoy Proxy Incorrect Authorization Vulnerability (CVE-2021-32779)

WordPress Anti-CSRF Token Security Bypass Weakness (3.3.1)

WordPress Plugin Advanced Access Manager Unspecified Vulnerability (5.9.8.1)

Severity

Medium

Classification

CVE-2016-10404 CWE-707

Tags

Missing Update Known Vulnerabilities