Description

XSS exists in Liferay Portal before 7.0 CE GA4(7.0.3) via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.

Remediation

References

CVE-2016-10404

Related Vulnerabilities

MySQL CVE-2012-3150 Vulnerability (CVE-2012-3150)

MySQL CVE-2012-3147 Vulnerability (CVE-2012-3147)

WordPress Plugin Login Security Solution Multiple Unspecified Vulnerabilities (0.50.0)

WordPress Plugin Simple File List Arbitrary File Upload (4.2.2)

WordPress Plugin 123devis-affiliation Cross-Site Scripting (1.0.4)

Severity

Medium

Classification

CVE-2016-10404 CWE-707

Tags

Missing Update Known Vulnerabilities