Description XSS exists in Liferay Portal before 7.0 CE GA4(7.0.3) via an invalid portletId. Remediation References CVE-2017-12645 Related Vulnerabilities WordPress Plugin The Post Grid-Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid Cross-Site Request Forgery (5.0.4) Jboss EAP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-10862) Internet Information Services Other Vulnerability (CVE-2000-0126) Drupal Incorrect Authorization Vulnerability (CVE-2020-13676) Microsoft SQL Server CVE-2023-21704 Vulnerability (CVE-2023-21704) Severity Medium Classification CVE-2017-12645 CWE-707 Tags Missing Update Known Vulnerabilities