Description XSS exists in Liferay Portal before 7.0 CE GA4(7.0.3) via a bookmark URL. Remediation References CVE-2017-12648 Related Vulnerabilities Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13592) Apache Traffic Server Improper Input Validation Vulnerability (CVE-2019-10079) Drupal Other Vulnerability (CVE-2006-2260) WordPress Plugin Simple Matted Thumbnails Cross-Site Scripting (1.01) Oracle JRE CVE-2018-2663 Vulnerability (CVE-2018-2663) Severity Medium Classification CVE-2017-12648 CWE-707 Tags Missing Update Known Vulnerabilities