Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10404)

Description

XSS exists in Liferay Portal before 7.0 CE GA4(7.0.3) via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.

Remediation

References

CVE-2016-10404

Related Vulnerabilities

WordPress Plugin Appointment Hour Booking-WordPress Booking Cross-Site Scripting (1.3.16)

Joomla Missing Authorization Vulnerability (CVE-2019-9713)

TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2020-11067)

PHP CVE-2009-3292 Vulnerability (CVE-2009-3292)

MySQL CVE-2019-2810 Vulnerability (CVE-2019-2810)

Severity

Medium

Classification

CVE-2016-10404 CWE-707

Description

Remediation

References

Related Vulnerabilities

Severity

Classification

Tags

Take action and discover your vulnerabilities