Description
XSS exists in Liferay Portal before 7.0 CE GA4(7.0.3) via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.
Remediation
References
Related Vulnerabilities
SSL Insecure Content Fixer Information Disclosure (2.0.0)
MySQL Other Vulnerability (CVE-2003-0780)
PostgreSQL Cryptographic Issues Vulnerability (CVE-2009-4034)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4400)
Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder Cross-Site Scripting (1.11.1)