Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-12645)

Description

XSS exists in Liferay Portal before 7.0 CE GA4(7.0.3) via an invalid portletId.

Remediation

References

Related Vulnerabilities

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder SQL Injection (1.14.2)

Oracle HTTP Server Other Vulnerability (CVE-2020-29506)

WordPress Plugin Duplicate Page Cross-Site Scripting (4.4.2)

Oracle JRE CVE-2018-2639 Vulnerability (CVE-2018-2639)

WordPress Plugin qTranslate Cross-Site Scripting (2.5.39)

Severity

Medium

Classification

CVE-2017-12645 CWE-707

Tags

Missing Update Known Vulnerabilities