Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-12645)

Description

XSS exists in Liferay Portal before 7.0 CE GA4(7.0.3) via an invalid portletId.

Remediation

References

Related Vulnerabilities

Oracle JRE CVE-2013-5854 Vulnerability (CVE-2013-5854)

Apache Tomcat Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2021-42340)

Apache HTTP Server CVE-2013-1896 Vulnerability (CVE-2013-1896)

Oracle JRE CVE-2020-2816 Vulnerability (CVE-2020-2816)

OpenSSL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2009-0590)

Severity

Medium

Classification

CVE-2017-12645 CWE-707

Tags

Missing Update Known Vulnerabilities