Description

XSS exists in Liferay Portal before 7.0 CE GA4(7.0.3) via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.

Remediation

References

CVE-2016-10404

Related Vulnerabilities

SharePoint Resource Management Errors Vulnerability (CVE-2015-0086)

OpenSSL Cryptographic Issues Vulnerability (CVE-2019-1543)

Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2018-17189)

WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2015-4852)

SeoPanel Cross-site Scripting (XSS) Vulnerability (CVE-2020-35930)

Severity

Medium

Classification

CVE-2016-10404 CWE-707

Tags

Missing Update Known Vulnerabilities